CVE-2026-36786
Deferred Deferred - Pending Action

Stack Overflow in Tenda FH451 Router Firmware

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: MITRE

Description
Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-08
Last Modified
2026-06-08
Generated
2026-06-29
AI Q&A
2026-06-08
EPSS Evaluated
2026-06-27
NVD
CVE-2026-36786
EUVD
EUVD-2026-35118

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
tenda fh451 v1.0.0.9

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-36786 is a stack-based buffer overflow vulnerability found in the Tenda FH451 router, version V1.0.0.9. It occurs in the fromDhcpListClient function, which processes HTTP requests. Specifically, the vulnerability is triggered when an attacker sends a crafted HTTP request with a long 'list1' parameter. The function uses unsafe string operations without proper bounds checking, causing a buffer overflow on the stack.

Detection Guidance

This vulnerability can be detected by sending a crafted HTTP request to the vulnerable Tenda FH451 router's fromDhcpListClient endpoint. Specifically, an HTTP request with the parameter list1 set to a long string (for example, 888 'a' characters) and LISTLEN set to 1 can trigger the stack overflow.

A detection command could involve using curl or a similar HTTP client to send this crafted request and observe if the device crashes or becomes unresponsive, indicating the presence of the vulnerability.

  • curl -X GET "http://<router-ip>/fromDhcpListClient?list1=$(python -c 'print("a"*888)')&LISTLEN=1"

If the device crashes or shows instability after this request, it is likely vulnerable to CVE-2026-36786.

Mitigation Strategies

Immediate mitigation steps include restricting access to the fromDhcpListClient endpoint to trusted networks only, such as by using firewall rules or network segmentation.

Additionally, monitoring and blocking suspicious HTTP requests containing unusually long parameters to this endpoint can help prevent exploitation.

Ultimately, updating the router firmware to a version that patches this stack overflow vulnerability is recommended once available.

Impact Analysis

This vulnerability can be exploited by attackers to cause a Denial of Service (DoS) on the affected device. By sending a specially crafted HTTP request, the attacker can cause the router to crash or become unstable, disrupting network connectivity and availability.

Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-36786 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36786. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart