PT-2026-22506 · Tenda · Tenda Ac15

Xuhsy

Publicado

2026-01-03

Atualizado

2026-03-07

CVE-2026-3400

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tenda AC15 versions prior to 15.13.07.14

Description A security issue exists in the TextEditingConversion() function of Tenda AC15 routers. The issue is a stack-based buffer overflow that occurs when processing the wpapsk crypto2 4g parameter within the file /goform/TextEditingConversion. This allows for remote attacks. The exploit for this issue has been publicly released.

Recommendations Versions prior to 15.13.07.14 should be updated. As a temporary workaround, consider restricting access to the /goform/TextEditingConversion file to minimize the risk of exploitation. Avoid using the wpapsk crypto2 4g parameter in the affected API endpoint until the issue is resolved.

Exploit

Correção

Memory Corruption

Buffer Overflow

Stack Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787CWE-119CWE-121

Identificadores relacionados

BDU:2026-02411

CVE-2026-3400

Produtos afetados

Tenda Ac15

PT-2026-22506 · Tenda · Tenda Ac15

CVE-2026-3400

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 19