CVE-2026-7035
Published: 26 April 2026
Summary
CVE-2026-7035 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Fh1202 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 23.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the stack-based buffer overflow by requiring timely remediation through firmware patching for the affected Tenda FH1202 httpd component.
Prevents exploitation by enforcing validation of the 'Go' argument in the fromWrlclientSet function to restrict operations within memory bounds.
Provides defense-in-depth against stack-based buffer overflow exploitation via mechanisms like stack canaries, ASLR, and non-executable stacks.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in public-facing httpd web interface (/goform/WrlclientSet) on the router enables remote exploitation of a public-facing application with no user interaction.
NVD Description
A vulnerability was determined in Tenda FH1202 1.2.0.14. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. Executing a manipulation of the argument Go can lead to stack-based buffer overflow. The attack may be launched remotely.…
more
The exploit has been publicly disclosed and may be utilized.
Deeper analysisAI
CVE-2026-7035 is a stack-based buffer overflow vulnerability affecting the Tenda FH1202 router on firmware version 1.2.0.14. The issue resides in the fromWrlclientSet function within the /goform/WrlclientSet file of the httpd component, where manipulation of the "Go" argument triggers the overflow.
An attacker with network access and low privileges can exploit this remotely with low attack complexity and no user interaction required. Successful exploitation grants high impacts on confidentiality, integrity, and availability, as reflected in the CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability is linked to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
VulDB advisories, including entries at https://vuldb.com/vuln/359615 and https://vuldb.com/submit/798477, detail the vulnerability and associated CTI at https://vuldb.com/vuln/359615/cti. A publicly disclosed exploit is available at https://github.com/Litengzheng/vuldb_new/blob/main/FH1202/vul_20/README.md, and the vendor site is https://www.tenda.com.cn/. No specific patch or mitigation details are outlined in the provided references.
The exploit has been publicly disclosed and may be utilized, heightening the risk for exposed Tenda FH1202 devices.
Details
- CWE(s)