CVE-2026-3809
Published: 09 March 2026
Summary
CVE-2026-3809 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Fh1202 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Validates the 'page' argument in the fromNatStaticSetting function to prevent stack-based buffer overflow from improper input handling.
Remediates the specific stack-based buffer overflow flaw in Tenda FH1202 firmware version 1.2.0.14(408) through timely patching or updates.
Implements memory protections such as stack canaries, ASLR, and non-executable stacks to mitigate exploitation of the stack-based buffer overflow.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in public-facing router web form (/goform/NatSaticSetting) allows remote authenticated low-priv user to achieve arbitrary code execution and full device compromise, directly enabling T1190 (Exploit Public-Facing Application) for initial access and T1068 (Exploitation for Privilege Escalation) from low-priv web account to root-level control.
NVD Description
A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The…
more
exploit has been published and may be used.
Deeper analysisAI
CVE-2026-3809 is a stack-based buffer overflow vulnerability affecting the Tenda FH1202 router on firmware version 1.2.0.14(408). The flaw resides in the fromNatStaticSetting function within the /goform/NatSaticSetting file, where manipulation of the "page" argument triggers the overflow. Published on 2026-03-09, it is linked to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability enables remote exploitation over the network by an attacker possessing low privileges, with low attack complexity and no need for user interaction. Successful exploitation can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution or device compromise.
References indicate a proof-of-concept exploit is publicly available on GitHub (https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-natsaticsetting-page-buffer-overflow). VulDB advisories provide further details (https://vuldb.com/?ctiid.349775, https://vuldb.com/?id.349775, https://vuldb.com/?submit.769039), while the vendor site (https://www.tenda.com.cn/) offers general resources; no specific patches or mitigations are outlined in the available information.
Notable context includes the published exploit, increasing the risk of real-world abuse against unpatched Tenda FH1202 devices.
Details
- CWE(s)