top of page
perceptive_background_267k.jpg

A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the com…

Published:

26 March 2026 at 23:00:00

Alert date:

27 March 2026 at 20:07:04

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Mobile & IoT

A stack-based buffer overflow vulnerability was identified in Tenda AC6 router firmware version 15.03.05.16. The vulnerability exists in the formQuickIndex function of the /goform/QuickIndex file within the POST Request Handler component. The flaw can be exploited remotely by manipulating the PPPOEPassword argument, leading to a stack-based buffer overflow condition. The exploit code is publicly available, making this vulnerability particularly dangerous. Attackers can leverage this vulnerability to potentially execute arbitrary code remotely on affected Tenda AC6 devices. The vulnerability affects network infrastructure equipment, specifically wireless routers used in home and small business environments.

Technical details

Mitigation steps:

Affected products:

Tenda AC6

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-4961
https://lavender-bicycle-a5a.notion.site/Tenda-AC6-QuickIndex-32053a41781f80758e27fa4259ec80cf?source=copy_link
https://vuldb.com/?ctiid.353838
https://vuldb.com/?id.353838
https://vuldb.com/?submit.777617
https://www.tenda.com.cn/

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page