ID

VAR-202604-2498


CVE

CVE-2026-6016


TITLE

Shenzhen Tenda Technology Co.,Ltd. of AC9  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-013782

DESCRIPTION

A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of the argument WANS results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. The attack code is publicly available and could be exploited.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-6016 // JVNDB: JVNDB-2026-013782

AFFECTED PRODUCTS

vendor:tendamodel:ac9scope:eqversion:15.03.02.13

Trust: 1.0

vendor:tendamodel:ac9scope:eqversion:ac9 firmware 15.03.02.13

Trust: 0.8

vendor:tendamodel:ac9scope: - version: -

Trust: 0.8

vendor:tendamodel:ac9scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-013782 // NVD: CVE-2026-6016

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-6016
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-013782
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-6016
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-013782
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-6016
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-013782
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-013782 // NVD: CVE-2026-6016

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-013782 // NVD: CVE-2026-6016

PATCH

title://vuldb.com/vuln/356572url:https://lavender-bicycle-a5a.notion.site/Tenda-AC9-WizardHandle-33153a41781f808480f9e3b78ce438e0?source=copy_link

Trust: 0.8

sources: JVNDB: JVNDB-2026-013782

EXTERNAL IDS

db:NVDid:CVE-2026-6016

Trust: 2.6

db:JVNDBid:JVNDB-2026-013782

Trust: 0.8

sources: JVNDB: JVNDB-2026-013782 // NVD: CVE-2026-6016

REFERENCES

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://lavender-bicycle-a5a.notion.site/tenda-ac9-wizardhandle-33153a41781f808480f9e3b78ce438e0?source=copy_link

Trust: 1.0

url:https://vuldb.com/submit/791829

Trust: 1.0

url:https://vuldb.com/vuln/356572/cti

Trust: 1.0

url:https://vuldb.com/vuln/356572

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-6016

Trust: 0.8

sources: JVNDB: JVNDB-2026-013782 // NVD: CVE-2026-6016

SOURCES

db:JVNDBid:JVNDB-2026-013782
db:NVDid:CVE-2026-6016

LAST UPDATE DATE

2026-06-19T23:43:37.270000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-013782date:2026-05-01T01:42:00
db:NVDid:CVE-2026-6016date:2026-04-30T13:59:44.483

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-013782date:2026-05-01T00:00:00
db:NVDid:CVE-2026-6016date:2026-04-10T06:16:06.780