Vulnerabilities ›

CVE-2026-6015

High

CWE-119 — Weakness Type

                    Published: Apr 10, 2026                      ·  Modified: Apr 17, 2026                      ·  Source: NVD                

CVSS v3

8.8

🔗 NVD Official

📄 Description (English)

A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

🤖 AI Executive Summary

A critical stack-based buffer overflow vulnerability exists in Tenda AC9 router firmware version 15.03.02.13, affecting the QuickIndex POST handler. The vulnerability allows remote attackers to execute arbitrary code by sending a malicious PPPOEPassword parameter, with no authentication required. This poses significant risk to Saudi organizations relying on Tenda routers for network infrastructure, particularly in SMEs and branch offices.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 23, 2026 06:00

🇸🇦 Saudi Arabia Impact Assessment

High impact on Saudi SMEs, government branch offices, healthcare facilities, and educational institutions that deploy Tenda AC9 routers. Banking sector branches and ARAMCO facilities using these routers as edge devices face critical risk of network compromise. Telecom providers (STC, Mobily, Zain) offering Tenda-based CPE to customers are at risk. The vulnerability enables complete network takeover, lateral movement, and data exfiltration without authentication.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Healthcare and Medical Facilities Energy and Utilities (ARAMCO) Telecommunications (STC, Mobily, Zain) Education and Universities Small and Medium Enterprises (SMEs) Retail and E-commerce

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1133 - External Remote Services T1068 - Exploitation for Privilege Escalation T1059 - Command and Scripting Interpreter T1047 - Windows Management Instrumentation T1570 - Lateral Tool Transfer T1557 - Man-in-the-Middle

⚖️ Saudi Risk Score (AI)

8.9

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all Tenda AC9 devices running firmware 15.03.02.13 in your network using network scanning tools

2. Isolate affected routers from critical network segments if possible

3. Implement network segmentation to limit router access to trusted networks only

4. Disable remote management features on affected devices

5. Change all default credentials and PPPOEPassword values to complex strings



COMPENSATING CONTROLS (until patch available):

6. Deploy WAF/IPS rules to block POST requests to /goform/QuickIndex with suspicious PPPOEPassword payloads

7. Monitor for buffer overflow patterns: requests with PPPOEPassword values exceeding 256 bytes

8. Implement network access controls restricting access to router management interfaces

9. Enable logging on all router access attempts and review logs daily

10. Consider replacing Tenda AC9 devices with patched alternatives from other vendors



DETECTION RULES:

- Alert on POST requests to /goform/QuickIndex containing PPPOEPassword parameter >256 characters

- Monitor for unexpected process execution or code injection attempts from router IP addresses

- Track failed authentication attempts to router management interfaces

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع أجهزة Tenda AC9 التي تعمل بالإصدار 15.03.02.13 في الشبكة باستخدام أدوات المسح

2. عزل الأجهزة المتأثرة عن أجزاء الشبكة الحرجة إن أمكن

3. تطبيق تقسيم الشبكة لتحديد وصول الجهاز للشبكات الموثوقة فقط

4. تعطيل ميزات الإدارة البعيدة على الأجهزة المتأثرة

5. تغيير جميع بيانات الاعتماد الافتراضية وقيم PPPOEPassword إلى سلاسل معقدة



الضوابط البديلة (حتى توفر التصحيح):

6. نشر قواعد WAF/IPS لحجب طلبات POST إلى /goform/QuickIndex برسائل PPPOEPassword مريبة

7. مراقبة أنماط تجاوز المخزن المؤقت: الطلبات بقيم PPPOEPassword تتجاوز 256 بايت

8. تطبيق ضوابط الوصول للشبكة لتقييد الوصول لواجهات إدارة الجهاز

9. تفعيل السجلات لجميع محاولات الوصول للجهاز ومراجعة السجلات يومياً

10. استبدال أجهزة Tenda AC9 بأجهزة بديلة معدلة من موردين آخرين

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1 - Network Security Controls 5.2 - Access Control Implementation 6.1 - Vulnerability Management 6.2 - Patch Management 7.1 - Incident Detection and Response

🔵 SAMA CSF

ID.RA-1 - Asset Management PR.AC-1 - Access Control Policy PR.PT-2 - Protective Technology DE.CM-1 - Network Monitoring RS.MI-1 - Incident Mitigation

🟡 ISO 27001:2022

A.5.1.1 - Information Security Policies A.8.1.1 - User Endpoint Devices A.8.2.1 - Privileged Access Rights A.12.2.1 - Change Management A.12.6.1 - Management of Technical Vulnerabilities

🟣 PCI DSS v4.0.1

Requirement 1.1 - Firewall Configuration Standards Requirement 6.2 - Security Patches Requirement 11.2 - Vulnerability Scanning

🔗 References & Sources 5

🔗

https://lavender-bicycle-a5a.notion.site/Tenda-AC9-QuickIndex-33153a41781f80458940f212f...

cna@vuldb.com

🔗

https://vuldb.com/submit/791828

cna@vuldb.com

🔗

https://vuldb.com/vuln/356571

cna@vuldb.com

🔗

https://vuldb.com/vuln/356571/cti

cna@vuldb.com

🔗

https://www.tenda.com.cn/

cna@vuldb.com

📊 CVSS Score

8.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score8.8

CWECWE-119

EPSS0.05%

Exploit No

Patch ✗ No

Published 2026-04-10

Source Feed nvd

🇸🇦 Saudi Risk Score

8.9

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

CWE-119

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-6015

💬 Comments

Introduce Yourself

Sign In Required