{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3807", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-08T16:22:36.756Z", "datePublished": "2026-03-09T06:32:08.531Z", "dateUpdated": "2026-03-10T15:44:51.033Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-09T06:32:08.531Z"}, "title": "Tenda FH1202 AdvSetWrlsafeset formWrlsafeset stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Tenda", "product": "FH1202", "versions": [{"version": "1.2.0.14(408)", "status": "affected"}], "cpes": ["cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Such manipulation of the argument mit_ssid/mit_ssid_index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-08T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-08T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-08T17:28:02.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Fan95 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.349773", "name": "VDB-349773 | Tenda FH1202 AdvSetWrlsafeset formWrlsafeset stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.349773", "name": "VDB-349773 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.769019", "name": "Submit #769019 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.769020", "name": "Submit #769020 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-advsetwrlsafeset-mit-ssid-buffer-overflow", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-10T15:44:02.273541Z", "id": "CVE-2026-3807", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T15:44:51.033Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3807", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-10T15:44:02.273541Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T15:44:46.767Z"}}], "cna": {"title": "Tenda FH1202 AdvSetWrlsafeset formWrlsafeset stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "Fan95 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"], "vendor": "Tenda", "product": "FH1202", "versions": [{"status": "affected", "version": "1.2.0.14(408)"}]}], "timeline": [{"lang": "en", "time": "2026-03-08T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-08T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-08T17:28:02.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.349773", "name": "VDB-349773 | Tenda FH1202 AdvSetWrlsafeset formWrlsafeset stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.349773", "name": "VDB-349773 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.769019", "name": "Submit #769019 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.769020", "name": "Submit #769020 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-advsetwrlsafeset-mit-ssid-buffer-overflow", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Such manipulation of the argument mit_ssid/mit_ssid_index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-09T06:32:08.531Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3807", "state": "PUBLISHED", "dateUpdated": "2026-03-10T15:44:51.033Z", "dateReserved": "2026-03-08T16:22:36.756Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-09T06:32:08.531Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:fh1202_firmware:1.2.0.14\\(408\\):*:*:*:*:*:*:*", "matchCriteriaId": "B9FD9D0A-39F4-4AD8-AEE0-71C9E77D2799", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*", "matchCriteriaId": "4A632A11-60A0-457C-A039-BED32F83BD52", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Such manipulation of the argument mit_ssid/mit_ssid_index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used."}, {"lang": "es", "value": "Una vulnerabilidad de seguridad ha sido detectada en Tenda FH1202 1.2.0.14(408). Afectada es la funci\u00f3n formWrlsafeset del archivo /goform/AdvSetWrlsafeset. Tal manipulaci\u00f3n del argumento mit_ssid/mit_ssid_index conduce a un desbordamiento de b\u00fafer basado en pila. El ataque puede ser lanzado remotamente. El exploit ha sido divulgado p\u00fablicamente y puede ser utilizado."}], "id": "CVE-2026-3807", "lastModified": "2026-03-09T16:20:08.637", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-09T07:16:04.147", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-advsetwrlsafeset-mit-ssid-buffer-overflow"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.349773"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.349773"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.769019"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.769020"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.tenda.com.cn/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.2.0.14(408)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "FH1202", "source": "cna", "vendor": "Tenda"}, "product": "fh1202", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-04-18T17:26:48.388268+00:00", "value": {"mitigation_remediation": ["Check Tenda\u2019s support portal for a firmware update that resolves the buffer overflow and apply it when available.", "Use firewall or ACL to block external access to the /goform/AdvSetWrlsafeset endpoint, limiting exposure of the vulnerable interface.", "If the router allows it, disable the AdvSetWrlsafeset functionality or restrict the web interface to local access only.", "Monitor threat intelligence sources for emerging exploit activity related to CVE\u20112026\u20113807."], "summary": {"action": "Apply Workaround", "impact": "Remote Buffer Overflow"}, "threat_synthesis": {"affected_systems": "Affected devices are Tenda FH1202 routers with firmware version 1.2.0.14(408). No other vendors, products, or firmware revisions are listed as impacted in the CNA or CPE entries.", "description_and_impact": "This vulnerability presents a stack-based buffer overflow in the formWrlsafeset function within the /goform/AdvSetWrlsafeset interface of Tenda FH1202 routers running firmware 1.2.0.14(408). By supplying crafted values for the mit_ssid/mit_ssid_index parameters, an attacker can overflow the local stack buffer. The CVE description does not specify the exact consequences, but a stack overflow can potentially allow the attacker to execute arbitrary code or cause a denial of service.", "risk_and_exploitability": "The CVSS score of 8.7 marks the flaw as high severity; however, the EPSS score of less than 1% suggests a low current exploitation likelihood. The vulnerability is not listed in the CISA KEV catalog, indicating no widespread exploitation yet. Attackers would need remote network access to the router\u2019s web interface, specifically the /goform/AdvSetWrlsafeset endpoint, to craft the malicious mit_ssid input. The attack vector is described as remote, but the exact method of code execution remains unspecified."}}}}, "created": "2026-03-10T14:10:15.746350+00:00", "updated": "2026-04-18T17:30:05.955869+00:00", "vendors": ["tenda", "tenda$PRODUCT$fh1202"]}