CVE-2026-3811
Published: 09 March 2026
Summary
CVE-2026-3811 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Fh1202 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the CVE by requiring timely identification, reporting, and patching of the stack-based buffer overflow flaw in the router firmware.
Prevents exploitation by enforcing validation of the 'page' argument in the /goform/P2pListFilter CGI endpoint to block invalid inputs causing buffer overflow.
Implements memory protections such as stack canaries or DEP to block unauthorized code execution from the stack-based buffer overflow.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack buffer overflow in remotely accessible web CGI (/goform/P2pListFilter) allows authenticated low-priv users to achieve RCE on public-facing router interface (T1190); overflow directly provides privilege escalation from limited web account to full device control (T1068).
NVD Description
A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public…
more
and could be used.
Deeper analysisAI
CVE-2026-3811 is a stack-based buffer overflow vulnerability (CWE-119, CWE-121) in Tenda FH1202 routers running firmware version 1.2.0.14(408). The flaw resides in the fromP2pListFilter function within the /goform/P2pListFilter CGI endpoint, where manipulation of the "page" argument triggers the overflow.
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is remotely exploitable by attackers possessing low privileges, such as authenticated users. Successful exploitation could grant high-impact outcomes, including unauthorized access to sensitive data, modification of system integrity, and denial of service through potential remote code execution.
An exploit has been publicly released on GitHub (https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-p2plistfilter-page-buffer-overflow), with further details documented on VulDB (https://vuldb.com/?ctiid.349777, https://vuldb.com/?id.349777, https://vuldb.com/?submit.769041). Practitioners should monitor the vendor's site (https://www.tenda.com.cn/) for firmware patches or mitigation guidance.
The public availability of the exploit increases the risk of real-world attacks against unpatched Tenda FH1202 devices.
Details
- CWE(s)