Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
Tenda AC15 Router: Remote Password Change Manipulation Risk
CVE-2026-5830
Summary
A weakness in the password change feature of Tenda AC15 routers can be exploited remotely, potentially allowing unauthorized access to the device. This means an attacker can gain control over the router, compromising the security of the network it serves. Update the router's firmware as soon as possible to protect against this risk.
Original title
A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to ...
Original description
A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
Published: 9 Apr 2026 · Updated: 9 Apr 2026 · First seen: 9 Apr 2026