Tenda Ac5 vulnerabilities

10 known vulnerabilities affecting tenda/ac5.

Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH10

Vulnerabilities

Page 1 of 1
CVE-2026-4904HIGHCVSS 7.4v15.03.06.472026-03-27
CVE-2026-4904 [HIGH] CWE-119 CVE-2026-4904: A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. Such manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
cvelistv5nvd
CVE-2026-4905HIGHCVSS 7.4v15.03.06.472026-03-27
CVE-2026-4905 [HIGH] CWE-119 CVE-2026-4905: A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the f A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
cvelistv5nvd
CVE-2026-4906HIGHCVSS 7.4v15.03.06.472026-03-27
CVE-2026-4906 [HIGH] CWE-119 CVE-2026-4906: A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decode A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be
cvelistv5nvd
CVE-2026-4902HIGHCVSS 7.4v15.03.06.472026-03-26
CVE-2026-4902 [HIGH] CWE-119 CVE-2026-4902: A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of t A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.
cvelistv5nvd
CVE-2026-4903HIGHCVSS 7.4v15.03.06.472026-03-26
CVE-2026-4903 [HIGH] CWE-119 CVE-2026-4903: A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickInd A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.
cvelistv5nvd
CVE-2025-6886HIGHCVSS 7.4v15.03.06.472025-06-30
CVE-2025-6886 [HIGH] CWE-119 CVE-2025-6886: A vulnerability has been found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this A vulnerability has been found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the pub
cvelistv5nvd
CVE-2025-6887HIGHCVSS 7.4v15.03.06.472025-06-30
CVE-2025-6887 [HIGH] CWE-119 CVE-2025-6887: A vulnerability was found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this issu A vulnerability was found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/SetSysTimeCfg. The manipulation of the argument time/timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
cvelistv5nvd
CVE-2025-5863HIGHCVSS 7.4v15.03.06.472025-06-09
CVE-2025-5863 [HIGH] CWE-119 CVE-2025-5863: A vulnerability was found in Tenda AC5 15.03.06.47. It has been classified as critical. Affected is A vulnerability was found in Tenda AC5 15.03.06.47. It has been classified as critical. Affected is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used
cvelistv5nvd
CVE-2025-5794HIGHCVSS 7.4v15.03.06.472025-06-06
CVE-2025-5794 [HIGH] CWE-119 CVE-2025-5794: A vulnerability, which was classified as critical, has been found in Tenda AC5 15.03.06.47. Affected A vulnerability, which was classified as critical, has been found in Tenda AC5 15.03.06.47. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
cvelistv5nvd
CVE-2025-5795HIGHCVSS 7.4v1.0v15.03.06.472025-06-06
CVE-2025-5795 [HIGH] CWE-119 CVE-2025-5795: A vulnerability, which was classified as critical, was found in Tenda AC5 1.0/15.03.06.47. This affe A vulnerability, which was classified as critical, was found in Tenda AC5 1.0/15.03.06.47. This affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
cvelistv5nvd