CVE-2026-3808 in FH1202
Summary
by MITRE • 03/09/2026
A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 03/09/2026
This vulnerability exists in the Tenda FH1202 router firmware version 1.2.0.14(408) and specifically targets the formWebTypeLibrary function within the /goform/webtypelibrary file. The flaw represents a stack-based buffer overflow condition that occurs when processing the webSiteId argument parameter. This type of vulnerability falls under CWE-121, which categorizes stack-based buffer overflow conditions where insufficient bounds checking allows an attacker to overwrite adjacent memory locations on the program stack. The vulnerability is particularly concerning because it can be exploited remotely, eliminating the need for physical access to the device.
The technical implementation of this flaw allows an attacker to manipulate the webSiteId parameter in a manner that exceeds the allocated buffer space, leading to potential memory corruption and arbitrary code execution. When the firmware processes this malformed input, the stack frame becomes corrupted, potentially allowing an attacker to overwrite return addresses, function pointers, or other critical memory locations. This type of vulnerability aligns with ATT&CK technique T1210 which involves exploiting weaknesses in remote services to gain system access. The stack-based nature of the overflow means that the attacker can potentially control the instruction pointer and execute malicious code with the privileges of the affected service.
The operational impact of this vulnerability is significant for network security and device management. Remote exploitation could enable attackers to gain unauthorized access to the router's administrative interface, potentially leading to complete device compromise. This would allow threat actors to modify network settings, redirect traffic, install malware, or use the device as a pivot point for attacks on other networked systems. The public availability of exploit code increases the likelihood of widespread exploitation, making this vulnerability particularly dangerous for organizations with unpatched Tenda FH1202 devices in their network infrastructure. The affected device serves as a critical network gateway, and compromise could result in extended network infiltration and data exfiltration capabilities.
Mitigation strategies should focus on immediate firmware updates from Tenda to address the buffer overflow condition in the webtypelibrary function. Network administrators should implement network segmentation to limit the potential impact of device compromise and deploy intrusion detection systems to monitor for exploitation attempts. Access controls should be enforced through secure authentication mechanisms and regular credential rotation. Additionally, organizations should conduct vulnerability assessments to identify all instances of the affected firmware version and ensure proper patch management procedures are in place. The solution must address the root cause through proper input validation and bounds checking, implementing the principle of least privilege for the webtypelibrary function to minimize potential damage from successful exploitation attempts.