CVE-2026-5046
Remote Stack-Based Buffer Overflow in Tenda FH1201 Parameter Handler
Publication date: 2026-03-29
Last updated on: 2026-03-30
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | fh1201_firmware | 1.2.0.14(408) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5046 is a stack-based buffer overflow vulnerability found in the Tenda FH1201 router, version 1.2.0.14(408). It occurs in the HTTP daemon component, specifically in the function formWrlExtraSet which processes a user-supplied parameter named "GO".
The vulnerability arises because the "GO" parameter is read into a variable without any length validation and then passed to another function that uses sprintf, which can overflow a stack-based buffer. This overflow can be triggered remotely by sending a specially crafted POST request to the /goform/WrlExtraSet endpoint.
Exploitation of this flaw can lead to denial of service or remote code execution on the affected device.
How can this vulnerability impact me? :
This vulnerability can have serious impacts including denial of service and remote code execution on the affected Tenda FH1201 router.
- Denial of Service (DoS): An attacker can crash the router by triggering the buffer overflow, causing network disruption.
- Remote Code Execution (RCE): An attacker may execute arbitrary code remotely, potentially gaining control over the router.
- Compromise of network security: With control over the router, an attacker could intercept, modify, or redirect network traffic.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious POST requests sent to the /goform/WrlExtraSet endpoint on the Tenda FH1201 router, specifically those containing an excessively long "GO" parameter.
A practical detection method is to capture and analyze HTTP traffic targeting the router to identify unusually long or malformed POST requests to /goform/WrlExtraSet.
For example, using command-line tools like curl or wget, you can attempt to reproduce the exploit with a crafted POST request to test if the system is vulnerable.
- curl -X POST http://<router-ip>/goform/WrlExtraSet -d "GO=$(python3 -c 'print("A"*1000)')"
- tcpdump or Wireshark can be used to capture network traffic and filter for POST requests to /goform/WrlExtraSet to detect potential exploit attempts.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the affected router's management interface to trusted networks only, such as by using firewall rules or network segmentation.
Disabling remote management or HTTP access to the /goform/WrlExtraSet endpoint, if possible, can reduce exposure.
Monitoring and blocking suspicious POST requests with unusually long "GO" parameters can help prevent exploitation.
Applying any available firmware updates or patches from the vendor addressing this vulnerability is strongly recommended once released.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of the CVE-2026-5046 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.