CVE-2026-3807
Published: 09 March 2026
Summary
CVE-2026-3807 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Fh1202 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 29.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the stack-based buffer overflow in Tenda FH1202 firmware by requiring timely flaw remediation through vendor patches or updates.
Prevents exploitation of the buffer overflow vulnerability by validating mit_ssid and mit_ssid_index inputs at the /goform/AdvSetWrlsafeset entry point to ensure they stay within safe bounds.
Implements memory protections such as stack canaries and non-executable stacks to block arbitrary code execution from the stack-based buffer overflow in formWrlsafeset.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in router web management form enables remote authenticated RCE on public-facing interface (T1190) and achieves privilege escalation from low-priv auth to full compromise (T1068).
NVD Description
A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Such manipulation of the argument mit_ssid/mit_ssid_index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been…
more
disclosed publicly and may be used.
Deeper analysisAI
CVE-2026-3807 is a stack-based buffer overflow vulnerability affecting the Tenda FH1202 router on firmware version 1.2.0.14(408). The flaw resides in the formWrlsafeset function within the /goform/AdvSetWrlsafeset file, where manipulation of the mit_ssid or mit_ssid_index arguments triggers the overflow. Published on 2026-03-09, it is associated with CWEs-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability enables remote exploitation over the network with low attack complexity and requires only low privileges, such as those of an authenticated user. Successful exploitation grants high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution and full router compromise.
Advisories referenced in VulDB entries (ctiid.349773, id.349773) and submission pages detail the issue, while a GitHub repository at https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-advsetwrlsafeset-mit-ssid-buffer-overflow contains a publicly disclosed exploit that may be used by attackers.
The public availability of the exploit underscores the urgency for affected users to monitor for updates, as no specific patches are mentioned in the provided details.
Details
- CWE(s)