https://feed.craftedsignal.io/tags/cve-2026-4903/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioFri, 27 Mar 2026 12:00:00 +0000https://feed.craftedsignal.io/briefs/2026-03-tenda-ac5-bo/Fri, 27 Mar 2026 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-tenda-ac5-bo/A stack-based buffer overflow vulnerability exists in Tenda AC5 version 15.03.06.47, allowing remote attackers to execute arbitrary code by manipulating the `PPPOEPassword` argument in the `formQuickIndex` function of the `/goform/QuickIndex` component.CVE-2026-4903 describes a critical stack-based buffer overflow vulnerability affecting Tenda AC5 routers, specifically version 15.03.06.47. The vulnerability resides within the formQuickIndex function of the /goform/QuickIndex component, which handles POST requests. An attacker can remotely exploit this vulnerability by crafting a malicious POST request to /goform/QuickIndex with an overly long PPPOEPassword argument. This overflow allows the attacker to potentially overwrite adjacent…

]]>criticaladvisorycve-2026-4903buffer-overflowtenda