CVE-2026-11528NVD

Vulnerability Summary

A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of the argument callback results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.

Severity Level

HIGH(8.8)

Published Date

Jun 8, 2026

Last Modified

Jun 9, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.09%Probability

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://vuldb.com/vuln/369145
https://vuldb.com/vuln/369145/cti
https://vuldb.com/cve/CVE-2026-11528
https://vuldb.com/submit/836474
https://github.com/Robots10/IoT_vlu/blob/main/reports/Tenda/getRebootStatus/getRebootStatus.md
https://www.tenda.com.cn/

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-11528NVD

Vulnerability Summary

External References