CVE-2026-3807 in FH1202info

Summary

by MITRE • 03/09/2026

A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Such manipulation of the argument mit_ssid/mit_ssid_index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 03/09/2026

This vulnerability exists within the Tenda FH1202 router firmware version 1.2.0.14(408) and specifically targets the formWrlsafeset function located in the /goform/AdvSetWrlsafeset file. The flaw represents a stack-based buffer overflow condition that occurs when manipulating the mit_ssid or mit_ssid_index arguments, creating a critical security risk that allows remote code execution. The vulnerability stems from insufficient input validation and bounds checking within the firmware's web interface handling mechanism, where user-supplied parameters are directly processed without adequate sanitization measures.

The technical implementation of this vulnerability follows a classic stack buffer overflow pattern where the mit_ssid and mit_ssid_index parameters are processed through the web form interface without proper boundary checks. When these parameters exceed the allocated buffer space on the stack, they overwrite adjacent memory locations, potentially allowing an attacker to inject malicious code or manipulate program execution flow. This type of vulnerability is categorized under CWE-121 Stack-based Buffer Overflow, which is classified as a critical weakness in software security design and is commonly exploited in network device attacks.

The operational impact of this vulnerability is severe as it enables remote exploitation without requiring authentication, making it particularly dangerous for network administrators and end users. Attackers can leverage this vulnerability to execute arbitrary code on the affected device, potentially gaining full control over the router's functionality. This could lead to unauthorized network access, data interception, man-in-the-middle attacks, or the device being used as a pivot point for further network infiltration. The publicly disclosed exploit means that threat actors can readily weaponize this vulnerability against unpatched devices, creating an immediate risk for organizations and individuals using this specific router model.

Mitigation strategies should prioritize immediate firmware updates from Tenda to address the identified buffer overflow vulnerability. Network administrators should implement network segmentation and access controls to limit exposure, while monitoring network traffic for suspicious activities that might indicate exploitation attempts. The vulnerability aligns with ATT&CK technique T1059.007 Command and Scripting Interpreter: JavaScript, as exploitation likely involves JavaScript-based web interface manipulation. Additionally, implementing web application firewalls and regular security assessments of network devices can help detect and prevent exploitation attempts. Organizations should also consider disabling unnecessary web management interfaces and implementing strong network monitoring to identify potential compromise indicators. The vulnerability demonstrates the critical importance of secure coding practices in embedded systems and highlights the need for regular security assessments of network infrastructure devices.

Responsible

VulDB

Disclosure

03/09/2026

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00644

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!