A vulnerability was found in Tenda AC18 15.03.05.05 . It has been declared as critical . The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface . The manipulation of the argument callback results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2026-11528 . The attack may be launched remotely. Furthermore, there is an exploit available.