CVE-2026-11493: Weak Password Requirements in Tenda AC15
CVE-2026-11493 is a vulnerability in Tenda AC15 version 15. 03. 05. 19 involving weak password requirements due to an issue in an unknown function within the Samba configuration file /etc_ro/smb. conf. The vulnerability can only be exploited from within the local network and requires a high level of attack complexity, making exploitation difficult. Although an exploit is publicly available, the overall risk is low based on the CVSS score of 2. 3. No official patch or remediation guidance has been provided by the vendor at this time.
AI Analysis
Technical Summary
This vulnerability affects Tenda AC15 firmware version 15.03.05.19 and relates to weak password requirements stemming from a flaw in an unspecified function of the Samba component's configuration file (/etc_ro/smb.conf). The attack vector is local network access, with high complexity required to exploit. The vulnerability has a low CVSS 4.0 base score of 2.3, indicating limited impact and exploitability. No vendor advisory or patch information is currently available, and no known exploits are reported in the wild.
Potential Impact
The weakness in password requirements could allow an attacker with local network access to potentially compromise authentication mechanisms related to Samba on the device. Due to the high complexity and local access requirement, the impact is limited. The low CVSS score reflects a low severity risk, and no known active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict local network access to trusted users and monitor for suspicious activity related to Samba services on the device. Avoid exposing the device to untrusted local networks.
CVE-2026-11493: Weak Password Requirements in Tenda AC15
Description
CVE-2026-11493 is a vulnerability in Tenda AC15 version 15. 03. 05. 19 involving weak password requirements due to an issue in an unknown function within the Samba configuration file /etc_ro/smb. conf. The vulnerability can only be exploited from within the local network and requires a high level of attack complexity, making exploitation difficult. Although an exploit is publicly available, the overall risk is low based on the CVSS score of 2. 3. No official patch or remediation guidance has been provided by the vendor at this time.
CVSS v4.0
Score 2.3low
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects Tenda AC15 firmware version 15.03.05.19 and relates to weak password requirements stemming from a flaw in an unspecified function of the Samba component's configuration file (/etc_ro/smb.conf). The attack vector is local network access, with high complexity required to exploit. The vulnerability has a low CVSS 4.0 base score of 2.3, indicating limited impact and exploitability. No vendor advisory or patch information is currently available, and no known exploits are reported in the wild.
Potential Impact
The weakness in password requirements could allow an attacker with local network access to potentially compromise authentication mechanisms related to Samba on the device. Due to the high complexity and local access requirement, the impact is limited. The low CVSS score reflects a low severity risk, and no known active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict local network access to trusted users and monitor for suspicious activity related to Samba services on the device. Avoid exposing the device to untrusted local networks.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-06-07T10:18:43.938Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a26623fe29bf47b50ad3356
Added to database: 6/8/2026, 6:33:35 AM
Last enriched: 6/8/2026, 6:48:39 AM
Last updated: 6/8/2026, 8:11:51 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.