Primary

Context

Tenda AC15 Stack-Based Buffer Overflow Vulnerability

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Tenda AC15 router, affecting versions through 15.13.07.13. The issue arises in the file '/goform/TextEditingConversion', where the 'wpapsk_crypto2_4g' argument can be manipulated, leading to remote exploitation.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by crashing the router, and could potentially allow for remote code execution.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/TextEditingConversion' endpoint with a payload that includes the 'wpapsk_crypto2_4g' parameter. This parameter should be filled with a string long enough to overflow the buffer, such as 256 'a' characters. The router will crash, demonstrating the denial-of-service impact.

Remediation

No official patch or mitigation is known. It is suggested to replace the affected device with an alternative product.

Added: Mar 2, 2026, 12:18 AM

Updated: Mar 2, 2026, 12:18 AM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

4.6

remediation

0.0

relevance

3.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

4.6

remediation

0.0

relevance

3.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AC15 Stack-Based Buffer Overflow Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Tenda AC15

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating