CVE-2026-3808 – A stack-based buffer overflow vulnerability in ... (How to Fix)

Q: What is the severity of CVE-2026-3808?

CVE-2026-3808 has a CVSS score of 8.8 (HIGH). A stack-based buffer overflow vulnerability in Tenda FH1202 routers allows remote attackers to execute arbitrary code by manipulating the webSiteId parameter. This affects Tenda FH1202 routers running firmware version 1.2.0.14(408). Attackers can exploit this without authentication to potentially take full control of affected devices.

📋 TL;DR

A stack-based buffer overflow vulnerability in Tenda FH1202 routers allows remote attackers to execute arbitrary code by manipulating the webSiteId parameter. This affects Tenda FH1202 routers running firmware version 1.2.0.14(408). Attackers can exploit this without authentication to potentially take full control of affected devices.

💻 Affected Systems

Products:

Tenda FH1202

Versions: 1.2.0.14(408)

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific firmware version only. Other Tenda models or firmware versions may not be vulnerable.

📦 What is this software?

Fh1202 Firmware by Tenda

View all CVEs affecting Fh1202 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, enabling attackers to install malware, pivot to internal networks, or create persistent backdoors.

🟠

Likely Case

Remote code execution resulting in device takeover, allowing attackers to modify router settings, intercept traffic, or launch attacks against internal networks.

🟢

If Mitigated

Denial of service if exploit fails or is detected by security controls, with potential for limited configuration changes.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and affects internet-facing routers.

🏢 Internal Only: MEDIUM - Internal routers could be targeted if attackers gain initial access to the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code is available on GitHub, making exploitation straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. Download the latest firmware for FH1202. 3. Log into router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply the new firmware. 6. Reboot the router.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to the vulnerable web interface

Log into router admin → System Tools → Remote Management → Disable

Network segmentation

all

Isolate affected routers from critical internal networks

Configure firewall rules to restrict router access to management VLAN only

🧯 If You Can't Patch

Replace affected routers with patched or different models
Implement strict network access controls and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin interface: System Status → Firmware Version

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is no longer 1.2.0.14(408) after update

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/webtypelibrary
Multiple failed exploitation attempts
Unexpected router reboots

Network Indicators:

Traffic to router on unusual ports
Suspicious payloads in HTTP requests to router management interface

SIEM Query:

source="router_logs" AND uri="/goform/webtypelibrary" AND (method="POST" OR contains(message, "webSiteId"))

📊 Metadata

CVE ID: CVE-2026-3808

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

Published: March 9, 2026

Last Updated: March 9, 2026

🔗 References

https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-webtypelibrary-websiteid-buffer-overflow Exploit,Third Party Advisory
https://vuldb.com/?ctiid.349774 Permissions Required,VDB Entry
https://vuldb.com/?id.349774 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.769023 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-3808, you might also want to check these: