Platform
tenda
Component
tenda-ac5-firmware
A critical vulnerability, CVE-2026-4902, has been identified in Tenda AC5 Firmware version 15.03.06.47. This vulnerability is a stack-based buffer overflow stemming from improper handling of the 'page' argument within the /goform/addressNat endpoint. Successful exploitation allows for remote code execution, potentially granting an attacker full control of the affected device. A public exploit is now available, increasing the urgency of remediation.
The buffer overflow vulnerability in Tenda AC5 Firmware allows a remote attacker to execute arbitrary code on the device. This means an attacker could potentially gain complete control over the router, including access to its configuration, network traffic, and connected devices. The ability to remotely execute code makes this a high-impact vulnerability, enabling attackers to perform actions such as modifying firewall rules, intercepting sensitive data, launching attacks against internal network resources, or even using the router as a bot in a distributed denial-of-service (DDoS) attack. The availability of a public exploit significantly lowers the barrier to entry for malicious actors.
CVE-2026-4902 is a publicly disclosed vulnerability with a readily available exploit. This significantly increases the likelihood of exploitation. The vulnerability is not currently listed on CISA KEV, but given the public exploit, it is likely to be added. The ease of exploitation and the potential impact make this a high-priority vulnerability to address.
Exploit Status
EPSS
0.08% (24% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-4902 is to upgrade to a patched version of Tenda AC5 Firmware as soon as it becomes available from Tenda. Until a patch is released, consider implementing temporary workarounds such as restricting access to the /goform/addressNat endpoint using a firewall or access control list (ACL). Monitor network traffic for suspicious activity targeting this endpoint. While a direct detection signature is difficult to create without specific exploit patterns, monitor system logs for unusual memory access patterns or crashes related to the router's web interface. After upgrading, confirm the vulnerability is resolved by attempting to trigger the overflow (carefully, in a controlled environment) and verifying that the router does not crash or exhibit unexpected behavior.
Update the Tenda AC5 router firmware to a version later than 15.03.06.47 that fixes the buffer overflow vulnerability. Consult the manufacturer's website for the latest firmware version and update instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-4902 is a HIGH severity buffer overflow vulnerability in Tenda AC5 Firmware version 15.03.06.47, allowing remote code execution via manipulation of the 'page' argument.
If you are using Tenda AC5 Firmware version 15.03.06.47 and have not upgraded, you are likely affected by this vulnerability.
The recommended fix is to upgrade to a patched version of Tenda AC5 Firmware as soon as it becomes available from Tenda. Until then, restrict access to the vulnerable endpoint.
Yes, a public exploit exists, indicating a high probability of active exploitation.
Please refer to the official Tenda website or security advisories for updates and information regarding CVE-2026-4902.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.