CVE-2026-4960

EUVD-2026-16723
A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
tendaac6_firmware
15.03.05.16
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://lavender-bicycle-a5a.notion.site/Tenda-AC6-WizardHandle-32053a41781f800eb05feb16885747f7?source=copy_link
https://vuldb.com/?ctiid.353837
https://vuldb.com/?id.353837
https://vuldb.com/?submit.777616
https://www.tenda.com.cn/