CVE-2026-11528: Tenda AC18 Web Management getRebootStatus sub_45304 stack-based overflow
A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of the argument callback results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.
Metrics
- CVSS v4.0: 8.7
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
A stack-based buffer overflow exists in the Tenda AC18 router firmware (version 15.03.05.05) within the getRebootStatus handler of the web management interface. The vulnerability is reachable over the network by an authenticated attacker with low-privilege credentials, triggered by sending a crafted callback argument to the /goform/getRebootStatus endpoint. Successful exploitation gives the attacker full control over the device, including the ability to read stored configuration data, modify device settings, and crash or hijack the running firmware process. No fix version has been published; HarborGuard tracks this advisory and will make a patched rebuild available as soon as an upstream fix is released.
HarborGuard Coverage
Detection of CVE-2026-11528 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream feeds including VulDB, NVD, and mirrored vendor advisories. Coverage extends to custom-built images derived from Tenda AC18 firmware layers, not just images pulled from public registries.
Status: Available
Triage is available with the CVSS v4.0 base score of 8.7 (HIGH) surfaced alongside per-environment compliance policy weighting, so teams running stricter policies on network-edge or IoT device firmware images see this issue prioritized accordingly. Routing to the appropriate team inbox within each customer org is handled automatically based on image ownership and policy configuration.
Status: Available
Because no upstream fix version has been published for Tenda AC18 15.03.05.05, HarborGuard re-checks this advisory on every ingest cycle and will make a patched-image rebuild available the moment the vendor ships a corrected firmware version. In the meantime, customers can apply compensating controls through HarborGuard policy rules, such as flagging any image containing this firmware version for network-policy isolation review.
Status: Pending upstream
Exploit Conditions
- Network reachability: Required
  The attacker must reach the web management interface over the network; the vulnerable endpoint is exposed via the device's HTTP server.
- Authentication: Required
  A low-privilege account on the web management interface is sufficient to reach the vulnerable endpoint and trigger the overflow.
- Victim interaction: Not required
  No action from another user or victim is needed; the attacker sends the crafted request directly.
- Attack complexity: Detail
  Exploit complexity is low, meaning the overflow is reliably triggered without needing specific memory layouts, race conditions, or environmental prerequisites.
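A detection sketch for the request described above, added here as an example and not HarborGuard or Tenda code: it scans access-log lines for calls to /goform/getRebootStatus whose callback argument is oversized or not a plain identifier. The 64-byte threshold, the identifier pattern, the combined log format, and the premise that callback appears in the logged query string are all assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/goform/getRebootStatus"  # endpoint named in the advisory
MAX_CALLBACK_LEN = 64                 # assumed threshold; tune to your own baseline
# Assumption: a legitimate callback is a short ASCII identifier (JSONP-style name).
CALLBACK_OK = re.compile(r"[A-Za-z_$][\w$.]*", re.ASCII)
# Common/combined log format: client, timestamp, quoted request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3})')

def check_line(line):
    """Return a finding for a suspicious getRebootStatus request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, when, target, status = m.groups()
    url = urlsplit(target)
    if unquote(url.path) != ENDPOINT:
        return None
    # latin-1 maps each percent-decoded byte to one character, so len() is a byte count.
    params = parse_qs(url.query, keep_blank_values=True, encoding="latin-1")
    reasons = []
    for value in params.get("callback", []):
        if len(value) > MAX_CALLBACK_LEN:
            reasons.append(f"callback is {len(value)} bytes")
        if not CALLBACK_OK.fullmatch(value):
            reasons.append("callback is not a plain identifier")
    if not reasons:
        return None
    return {"client": client, "time": when, "status": int(status), "reasons": reasons}

def scan(lines):
    """Run check_line over an iterable of log lines and keep the findings."""
    return [f for f in map(check_line, lines) if f]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /goform/getRebootStatus?callback=jsonp_17 HTTP/1.1" 200 48',
    '192.0.2.77 - - [01/Jan/2026:10:00:05 +0000] "GET /goform/getRebootStatus?callback=' + "x" * 300 + ' HTTP/1.1" 502 0',
    '192.0.2.77 - - [01/Jan/2026:10:00:09 +0000] "GET /goform/getRebootStatus?callback=cb%00%ff HTTP/1.1" 200 48',
    '192.0.2.10 - - [01/Jan/2026:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Access logs record only the request line, so a callback value carried in a request body would need the same check applied at a proxy or WAF that inspects bodies.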
Blast Radius
- Reads stored configuration data from the device, including Wi-Fi credentials, admin passwords, and network topology settings.
- Modifies device configuration, allowing the attacker to redirect DNS, open firewall rules, or enroll the device in a botnet.
- Crashes the web management process or the full firmware, causing a denial of service and potentially a reboot loop.
- Achieves arbitrary code execution in the context of the firmware process, giving the attacker persistent control over the device.
How HarborGuard Handles This
Available on HarborGuard: this CVE is ingested from VulDB and upstream feeds and matched against all customer images, including custom firmware-derived images, within minutes of publication. Because no upstream patch exists for Tenda AC18 15.03.05.05 at this time, no rebuild is yet available, but HarborGuard monitors the advisory on every ingest cycle and will automatically make a patched-image rebuild available the moment Tenda publishes a corrected firmware version. For customers who opt into auto-remediation, that rebuild will trigger a regression test run and a PR opened against affected workloads with no manual intervention required. While waiting for an upstream fix, compensating controls worth reviewing include network-policy isolation of images or workloads derived from this firmware (restricting inbound access to the web management port), egress filtering to limit what a compromised device can reach, and flagging images at this firmware version as non-compliant for production deployment under a HarborGuard compliance policy rule.
- Tenda / AC18 15.03.05.05
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P