CVE-2026-3807 – A stack-based buffer overflow vulnerability in ... (How to Fix)

Q: What is the severity of CVE-2026-3807?

CVE-2026-3807 has a CVSS score of 8.8 (HIGH). A stack-based buffer overflow vulnerability in Tenda FH1202 routers allows remote attackers to execute arbitrary code by manipulating the mit_ssid or mit_ssid_index parameters in the formWrlsafeset function. This affects Tenda FH1202 router users running firmware version 1.2.0.14(408). The vulnerability is remotely exploitable without authentication.

📋 TL;DR

A stack-based buffer overflow vulnerability in Tenda FH1202 routers allows remote attackers to execute arbitrary code by manipulating the mit_ssid or mit_ssid_index parameters in the formWrlsafeset function. This affects Tenda FH1202 router users running firmware version 1.2.0.14(408). The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:

Tenda FH1202

Versions: 1.2.0.14(408)

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerable function is accessible via the web interface, making default configurations vulnerable.

📦 What is this software?

Fh1202 Firmware by Tenda

View all CVEs affecting Fh1202 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, network infiltration, and potential lateral movement to other systems.

🟠

Likely Case

Router compromise allowing attackers to intercept traffic, modify DNS settings, or create persistent backdoors.

🟢

If Mitigated

Limited impact with proper network segmentation and firewall rules preventing external access to router admin interfaces.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code is available, making exploitation straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware. 3. Log into router admin interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and install new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router admin interface

Network Segmentation

all

Isolate router management interface to trusted network segment

🧯 If You Can't Patch

Replace affected router with different model or vendor
Implement strict firewall rules blocking all external access to router admin interface (port 80/443)

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or System Tools

Check Version:

Not applicable - check via web interface

Verify Fix Applied:

Verify firmware version is no longer 1.2.0.14(408) after update

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/AdvSetWrlsafeset with long mit_ssid parameters
Router crash or reboot logs

Network Indicators:

External IP addresses accessing router admin interface
Unusual traffic patterns from router

SIEM Query:

source="router.log" AND (uri="/goform/AdvSetWrlsafeset" AND (param="mit_ssid" OR param="mit_ssid_index") AND length>100)

📊 Metadata

CVE ID: CVE-2026-3807

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

Published: March 9, 2026

Last Updated: March 9, 2026

🔗 References

https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-advsetwrlsafeset-mit-ssid-buffer-overflow Exploit,Third Party Advisory
https://vuldb.com/?ctiid.349773 Permissions Required,VDB Entry
https://vuldb.com/?id.349773 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.769019 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.769020 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-3807, you might also want to check these: