CVE-2026-5036 in Tenda 4G06
Summary
A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhcpListClient of the file /goform/DhcpListClient of the component Endpoint. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used.
Disclosure
03/29/2026
Entries
| ID | Vulnerability | CWE | Base | Temp | 0day | Today | Exp | KEV | EPSS | CTI | Cou | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 353962 | Tenda 4G06 Endpoint DhcpListClient fromDhcpListClient stack-based overflow | 121 | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | 0.00046 | 1.16 | Not defined | CVE-2026-5036 |