CVE-2026-3810
Published: 09 March 2026
Summary
CVE-2026-3810 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Fh1202 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 28.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely remediation of the stack-based buffer overflow flaw in the Tenda FH1202 firmware version 1.2.0.14(408).
Mandates validation of the 'page' argument in the /goform/DhcpListClient endpoint to block manipulation leading to buffer overflow.
Enforces memory protections such as stack canaries and non-executable stacks to mitigate remote code execution from stack-based buffer overflows.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in authenticated web endpoint (/goform/DhcpListClient) with PR:L directly enables remote code execution, mapping to exploitation for privilege escalation on the device.
NVD Description
A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been…
more
disclosed to the public and may be used.
Deeper analysisAI
CVE-2026-3810 is a stack-based buffer overflow vulnerability affecting the Tenda FH1202 router on firmware version 1.2.0.14(408). The flaw exists in the fromDhcpListClient function, accessible via the /goform/DhcpListClient endpoint, where manipulation of the "page" argument triggers the overflow. It is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
Remote exploitation is possible by an attacker with low privileges (PR:L), requiring network access (AV:N) and low attack complexity (AC:L) with no user interaction (UI:N). Successful exploitation can result in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H), as indicated by the CVSS v3.1 base score of 8.8, potentially enabling remote code execution on the affected device.
Advisories referenced in VulDB (ctiid.349776, id.349776, submit.769040) document the vulnerability, while a GitHub repository (Svigo-o/Tenda_vul/tree/main/tenda-fh1202-dhcplistclient-page-buffer-overflow) contains a publicly disclosed exploit that may be used. The Tenda website (tenda.com.cn) is listed among references, but no specific patch or mitigation details are provided in the available information.
The exploit has been disclosed to the public, increasing the risk of active exploitation against unpatched Tenda FH1202 devices.
Details
- CWE(s)