Login Sign Up

CVE-2026-3677

8.8 HIGH
Remote Code Execution Buffer Overflow

📋 TL;DR

A stack-based buffer overflow vulnerability in Tenda FH451 routers allows remote attackers to execute arbitrary code by manipulating the funcname/funcpara1 arguments in the fromSetCfm function. This affects Tenda FH451 routers running firmware version 1.0.0.9. Attackers can exploit this without authentication to potentially take full control of affected devices.

💻 Affected Systems

Products:
  • Tenda FH451
Versions: 1.0.0.9
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the vulnerable firmware version are affected regardless of configuration.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, lateral movement into internal networks, and persistent backdoor installation.

🟠

Likely Case

Device takeover enabling traffic interception, credential theft, and participation in botnets.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH - Directly accessible routers can be exploited remotely without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit vulnerable routers.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code exists and remote exploitation requires no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable WAN Management

all

Prevent remote access to router administration interface from internet

Network Segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

  • Replace affected routers with supported models
  • Implement strict firewall rules blocking all inbound traffic to router management interfaces

🔍 How to Verify

Check if Vulnerable:

Access router web interface, navigate to System Status or About page, check firmware version equals 1.0.0.9

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is higher than 1.0.0.9 after update

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/setcfm with long funcname/funcpara1 parameters
  • Multiple failed exploit attempts

Network Indicators:

  • Unusual outbound connections from router
  • Traffic patterns suggesting device compromise

SIEM Query:

source="router_logs" AND url="/goform/setcfm" AND (param_length>100 OR status_code=500)

📊 Metadata

CVE ID: CVE-2026-3677
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-119
Published: March 7, 2026
Last Updated: March 7, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-3677, you might also want to check these:

CVE-2024-23613 10.0

A critical buffer overflow vulnerability in Symantec Deployment Solution 7.9 allows remote, unauthen...

Same vulnerability type (CWE-119)
CVE-2024-23615 10.0

A critical buffer overflow vulnerability in Symantec Messaging Gateway allows remote unauthenticated...

Same vulnerability type (CWE-119)
CVE-2026-2776 10.0

This CVE describes a sandbox escape vulnerability in Firefox's Telemetry component due to incorrect ...

Same vulnerability type (CWE-119)