{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-4905/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["buffer-overflow","tenda","router","cve-2026-4905"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA stack-based buffer overflow vulnerability, identified as CVE-2026-4905, has been discovered in Tenda AC5 home routers running firmware version 15.03.06.47. The vulnerability resides within the \u003ccode\u003eformWifiWpsOOB\u003c/code\u003e function in the \u003ccode\u003e/goform/WifiWpsOOB\u003c/code\u003e file, which handles POST requests. Attackers can remotely exploit this flaw by crafting a malicious POST request to this endpoint, specifically targeting the \u003ccode\u003eindex\u003c/code\u003e argument. Successful exploitation leads to arbitrary code execution on the device…\u003c/p\u003e\n","date_modified":"2026-03-27T00:16:24Z","date_published":"2026-03-27T00:16:24Z","id":"/briefs/2026-03-tenda-ac5-overflow/","summary":"A stack-based buffer overflow vulnerability (CVE-2026-4905) exists in Tenda AC5 firmware version 15.03.06.47 allowing remote attackers to execute arbitrary code by manipulating the 'index' argument in a POST request to the /goform/WifiWpsOOB endpoint.","title":"Tenda AC5 Stack-Based Buffer Overflow Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-03-tenda-ac5-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-4905","version":"https://jsonfeed.org/version/1.1"}