CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-6015

A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 25.9%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

https://lavender-bicycle-a5a.notion.site/Tenda-AC9-QuickIndex-33153a41781f80458940f212f150a4fb?source=copy_link
https://vuldb.com/submit/791828
https://vuldb.com/vuln/356571
https://vuldb.com/vuln/356571/cti
https://www.tenda.com.cn/

Products affected by CVE-2026-6015

Tenda » Ac9 » Version: 1.0

cpe:2.3:h:tenda:ac9:1.0
Tenda » Ac9 Firmware » Version: 15.03.02.13

cpe:2.3:o:tenda:ac9_firmware:15.03.02.13

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-6015

Products

Pricing

Contact Us