CVE-2026-4905

HighPublic PoC

Published: 27 March 2026

Published

27 March 2026

Modified

31 March 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0009 25.6th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-4905 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ac5 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 25.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly addresses the CVE by requiring timely flaw remediation through vendor firmware updates to fix the stack-based buffer overflow in the formWifiWpsOOB function.

SI-10 Information Input Validation good match

prevent

Prevents the buffer overflow by validating the manipulated 'index' argument in POST requests to /goform/WifiWpsOOB.

SI-16 Memory Protection partial match

prevent

Mitigates exploitation of the stack-based buffer overflow using memory protections such as stack canaries and address space layout randomization.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Stack buffer overflow in network-exposed web form handler (/goform/WifiWpsOOB) directly enables remote exploitation of a public-facing application (T1190) with low privileges that yields RCE and full device control (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack…

is possible. The exploit has been made public and could be used.

Deeper analysisAI

CVE-2026-4905 is a stack-based buffer overflow vulnerability affecting Tenda AC5 routers running firmware version 15.03.06.47. The issue resides in the formWifiWpsOOB function within the /goform/WifiWpsOOB file of the POST Request Handler component. Manipulation of the "index" argument triggers the overflow, as documented with associated CWEs-119, CWE-121, and CWE-787.

Remote attackers can exploit this vulnerability over the network with low attack complexity and low privileges (PR:L), requiring no user interaction. The CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) reflects high impacts on confidentiality, integrity, and availability, potentially enabling remote code execution. An exploit has been made public and could be used.

Advisories from VulDB (https://vuldb.com/?ctiid.353656, https://vuldb.com/?id.353656, https://vuldb.com/?submit.777393) and a detailed analysis at https://lavender-bicycle-a5a.notion.site/Tenda_AC5_WifiWpsOOB_index-32053a41781f8096a9b6e48177c25eb0 provide further technical details. The vendor site (https://www.tenda.com.cn/) should be checked for any firmware updates or mitigation guidance.

Details

CWE(s): CWE-119 CWE-121 CWE-787

Affected Products

tenda

ac5 firmware

15.03.06.47

CVEs Like This One

CVE-2026-4902Same product: Tenda Ac5

CVE-2026-4904Same product: Tenda Ac5

CVE-2026-4903Same product: Tenda Ac5

CVE-2026-4906Same product: Tenda Ac5

CVE-2026-4008Same vendor: Tenda

CVE-2026-4043Same vendor: Tenda

CVE-2026-3971Same vendor: Tenda

CVE-2026-4042Same vendor: Tenda

CVE-2026-3970Same vendor: Tenda

CVE-2026-4975Same vendor: Tenda

References

https://lavender-bicycle-a5a.notion.site/Tenda_AC5_WifiWpsOOB_index-32053a41781f8096a9b6e48177c25eb0?source=copy_link
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.353656
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.353656
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.777393
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.tenda.com.cn/
Product · cna@vuldb.com