CVE-2026-1329 – A stack-based buffer overflow vulnerability in ... (How to Fix)

Q: What is the severity of CVE-2026-1329?

CVE-2026-1329 has a CVSS score of 8.8 (HIGH). A stack-based buffer overflow vulnerability in Tenda AX1803 routers allows remote attackers to execute arbitrary code by manipulating parameters in the guest WiFi configuration function. This affects Tenda AX1803 routers running firmware version 1.0.0.1. Attackers can exploit this without authentication to potentially take full control of affected devices.

📋 TL;DR

A stack-based buffer overflow vulnerability in Tenda AX1803 routers allows remote attackers to execute arbitrary code by manipulating parameters in the guest WiFi configuration function. This affects Tenda AX1803 routers running firmware version 1.0.0.1. Attackers can exploit this without authentication to potentially take full control of affected devices.

💻 Affected Systems

Products:

Tenda AX1803

Versions: 1.0.0.1

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running the vulnerable firmware version are affected regardless of configuration. The guest WiFi feature must be accessible via the web interface.

📦 What is this software?

Ax1803 Firmware by Tenda

View all CVEs affecting Ax1803 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, lateral movement to internal networks, persistent backdoor installation, and botnet recruitment.

🟠

Likely Case

Remote code execution resulting in device takeover, network traffic interception, DNS hijacking, and credential theft from connected devices.

🟢

If Mitigated

Denial of service if exploit fails, or limited impact if device is behind strict network segmentation and firewalls.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and affects internet-facing router interfaces.

🏢 Internal Only: MEDIUM - Internal exploitation possible if attacker gains network access, but requires specific targeting of router management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit details are available in the references. The vulnerability requires sending crafted HTTP requests to the router's web interface on port 80/443.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found in provided references

Restart Required: Yes

Instructions:

1. Check Tenda official website for firmware updates. 2. Download latest firmware for AX1803. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply new firmware. 6. Reboot router after update completes.

🔧 Temporary Workarounds

Disable Guest WiFi

all

Turn off guest WiFi functionality to remove attack surface

Access router admin interface > WiFi Settings > Guest Network > Disable

Restrict Management Access

all

Limit router management interface access to trusted IPs only

Access router admin interface > Security > Access Control > Restrict to specific IPs

🧯 If You Can't Patch

Isolate router on separate VLAN with strict firewall rules blocking external access to management interface
Implement network monitoring for suspicious HTTP requests to /goform/WifiGuestSet endpoint

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is 1.0.0.1, device is vulnerable.

Check Version:

curl -s http://router-ip/login/Auth | grep version OR check web interface System Status page

Verify Fix Applied:

Verify firmware version has been updated to a version later than 1.0.0.1 in router admin interface.

📡 Detection & Monitoring

Log Indicators:

Multiple POST requests to /goform/WifiGuestSet with unusually long parameter values
Router crash/reboot logs
Failed authentication attempts to router admin

Network Indicators:

HTTP traffic to router IP on port 80/443 with long guestWrlPwd/guestEn/guestSsid parameters
Unusual outbound connections from router after exploitation

SIEM Query:

source="router_logs" AND (url="/goform/WifiGuestSet" AND (param_length>100 OR status=500))

📊 Metadata

CVE ID: CVE-2026-1329

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.12% exploit probability (30.3th percentile)

Published: January 22, 2026

Last Updated: February 3, 2026

🔗 References

https://river-brow-763.notion.site/Tenda-AX1803-Buffer-Overflow-in-fromGetWifiGusetBasic-2e3a595a7aef80a78225db34317daa40#2e3a595a7aef801ab517e4af5631227a Exploit,Third Party Advisory
https://vuldb.com/?ctiid.342305 Permissions Required,VDB Entry
https://vuldb.com/?id.342305 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.736063 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.736064 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.736065 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.736066 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.736067 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-1329, you might also want to check these: