{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4041", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-12T08:29:58.398Z", "datePublished": "2026-03-12T15:02:10.303Z", "dateUpdated": "2026-03-12T15:34:55.150Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-12T15:02:10.303Z"}, "title": "Tenda i12 exeCommand vos_strcpy stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Tenda", "product": "i12", "versions": [{"version": "1.0.0.6(2204)", "status": "affected"}], "cpes": ["cpe:2.3:o:tenda:i12_firmware:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-12T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-12T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-12T09:35:18.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Jimi (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.350653", "name": "VDB-350653 | Tenda i12 exeCommand vos_strcpy stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.350653", "name": "VDB-350653 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.769462", "name": "Submit #769462 | Tenda i12 V1.0.0.6(2204) Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Jimi-Lab/cve/issues/1", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T15:34:48.871766Z", "id": "CVE-2026-4041", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T15:34:55.150Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4041", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-12T15:34:48.871766Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T15:34:51.304Z"}}], "cna": {"title": "Tenda i12 exeCommand vos_strcpy stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "Jimi (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:o:tenda:i12_firmware:*:*:*:*:*:*:*:*"], "vendor": "Tenda", "product": "i12", "versions": [{"status": "affected", "version": "1.0.0.6(2204)"}]}], "timeline": [{"lang": "en", "time": "2026-03-12T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-12T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-12T09:35:18.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.350653", "name": "VDB-350653 | Tenda i12 exeCommand vos_strcpy stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.350653", "name": "VDB-350653 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.769462", "name": "Submit #769462 | Tenda i12 V1.0.0.6(2204) Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Jimi-Lab/cve/issues/1", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-12T15:02:10.303Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4041", "state": "PUBLISHED", "dateUpdated": "2026-03-12T15:34:55.150Z", "dateReserved": "2026-03-12T08:29:58.398Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-12T15:02:10.303Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:i12_firmware:1.0.0.6\\(2204\\):*:*:*:*:*:*:*", "matchCriteriaId": "294C4C09-FB11-4D03-9DD0-5CEDC115974E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:i12:-:*:*:*:*:*:*:*", "matchCriteriaId": "79D3B1CC-FB4E-40F3-B175-F70F5A44C447", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks."}, {"lang": "es", "value": "Una falla de seguridad ha sido descubierta en Tenda i12 1.0.0.6(2204). Afectada es la funci\u00f3n vos_strcpy del archivo /goform/exeCommand. La manipulaci\u00f3n del argumento cmdinput resulta en desbordamiento de b\u00fafer basado en pila. El ataque puede ser lanzado remotamente. El exploit ha sido publicado al p\u00fablico y puede ser usado para ataques."}], "id": "CVE-2026-4041", "lastModified": "2026-04-02T20:05:05.733", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-12T15:16:33.550", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory", "Issue Tracking"], "url": "https://github.com/Jimi-Lab/cve/issues/1"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.350653"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.350653"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.769462"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.tenda.com.cn/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.0.6(2204)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "i12", "source": "cna", "vendor": "Tenda"}, "product": "i12", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-04-02T23:12:15.990573+00:00", "value": {"mitigation_remediation": ["Update the router firmware to the latest version released by Tenda that addresses the buffer overflow in vos_strcpy.", "If no patch is available, block external access to the /goform/exeCommand endpoint using firewall rules or access controls.", "Isolate the device from untrusted or external networks if possible to reduce exposure.", "Monitor the device for anomalous traffic to /goform/exeCommand and review logs for signs of exploitation attempts.", "Contact Tenda support for guidance or to request a security fix if one is not already issued."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Tenda i12 series of wireless routers when running firmware 1.0.0.6(2204). All devices that have not upgraded beyond this firmware level expose the vulnerable /goform/exeCommand handler and are susceptible to remote exploitation.", "description_and_impact": "A stack-based buffer overflow was discovered in the Tenda i12 router firmware version 1.0.0.6(2204). The flaw originates in the vos_strcpy routine that processes the cmdinput parameter in the /goform/exeCommand endpoint. By supplying an oversized payload, an attacker can corrupt the stack and potentially execute arbitrary code, resulting in full remote compromise of the device. The weakness corresponds to common buffer overflow conditions (CWE\u2011119, CWE\u2011121, CWE\u2011787).", "risk_and_exploitability": "The flaw is rated high on the CVSS scale with a score of 8.7, underscoring its severity. However, the EPSS score is below 1%, indicating a low probability of widespread exploitation at present. Publicly released exploits are available, and the attack can be launched remotely over the network, likely via HTTP requests to the exposed endpoint. Because the condition is purely remote and requires no user interaction, it poses a significant risk to any exposed router. The vulnerability is not listed in the CISA KEV catalog, but its high impact warrants immediate attention."}}}}, "created": "2026-03-13T09:53:09.357739+00:00", "updated": "2026-04-03T09:39:30.947689+00:00", "vendors": ["tenda", "tenda$PRODUCT$i12"]}