{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-4903/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-4903","buffer-overflow","tenda"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-4903 describes a critical stack-based buffer overflow vulnerability affecting Tenda AC5 routers, specifically version 15.03.06.47. The vulnerability resides within the \u003ccode\u003eformQuickIndex\u003c/code\u003e function of the \u003ccode\u003e/goform/QuickIndex\u003c/code\u003e component, which handles POST requests. An attacker can remotely exploit this vulnerability by crafting a malicious POST request to \u003ccode\u003e/goform/QuickIndex\u003c/code\u003e with an overly long \u003ccode\u003ePPPOEPassword\u003c/code\u003e argument. This overflow allows the attacker to potentially overwrite adjacent…\u003c/p\u003e\n","date_modified":"2026-03-27T12:00:00Z","date_published":"2026-03-27T12:00:00Z","id":"/briefs/2026-03-tenda-ac5-bo/","summary":"A stack-based buffer overflow vulnerability exists in Tenda AC5 version 15.03.06.47, allowing remote attackers to execute arbitrary code by manipulating the `PPPOEPassword` argument in the `formQuickIndex` function of the `/goform/QuickIndex` component.","title":"Tenda AC5 Stack-Based Buffer Overflow Vulnerability (CVE-2026-4903)","url":"https://feed.craftedsignal.io/briefs/2026-03-tenda-ac5-bo/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-4903","version":"https://jsonfeed.org/version/1.1"}