CVE-2026-3811 – A stack-based buffer overflow vulnerability in ... (How to Fix)

Q: What is the severity of CVE-2026-3811?

CVE-2026-3811 has a CVSS score of 8.8 (HIGH). A stack-based buffer overflow vulnerability in Tenda FH1202 routers allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the fromP2pListFilter function. This affects Tenda FH1202 routers running firmware version 1.2.0.14(408). Attackers can exploit this without authentication to potentially take full control of affected devices.

📋 TL;DR

A stack-based buffer overflow vulnerability in Tenda FH1202 routers allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the fromP2pListFilter function. This affects Tenda FH1202 routers running firmware version 1.2.0.14(408). Attackers can exploit this without authentication to potentially take full control of affected devices.

💻 Affected Systems

Products:

Tenda FH1202

Versions: 1.2.0.14(408)

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the specific firmware version mentioned. Other Tenda models or firmware versions may not be vulnerable.

📦 What is this software?

Fh1202 Firmware by Tenda

View all CVEs affecting Fh1202 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, lateral movement to internal networks, persistent backdoor installation, and botnet recruitment.

🟠

Likely Case

Remote code execution allowing attackers to modify router settings, intercept network traffic, or use the device as a pivot point for further attacks.

🟢

If Mitigated

Limited impact if device is behind firewall with strict inbound filtering and not internet-facing.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and public exploit code exists, making internet-facing devices immediate targets.

🏢 Internal Only: MEDIUM - Internal devices could still be exploited by compromised internal hosts or through phishing/social engineering attacks.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code is available on GitHub, making exploitation trivial for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. If update available, download and install via router admin interface. 3. Reboot router after update. 4. Verify firmware version changed from vulnerable version.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected routers in separate VLANs with strict firewall rules to limit potential lateral movement.

Access Control

linux

Block external access to router admin interface (port 80/443) at network perimeter.

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

Replace vulnerable devices with different models or brands
Implement strict network monitoring and anomaly detection for affected devices

🔍 How to Verify

Check if Vulnerable:

Access router admin interface and check firmware version under System Status or similar section.

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is no longer 1.2.0.14(408) after update.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/P2pListFilter
Multiple failed exploit attempts with varying page parameter values
Sudden router configuration changes

Network Indicators:

Unusual outbound connections from router
Traffic spikes to/from router on non-standard ports
DNS or routing table modifications

SIEM Query:

source="router.log" AND (uri="/goform/P2pListFilter" OR method="POST" AND uri CONTAINS "P2pListFilter")

📊 Metadata

CVE ID: CVE-2026-3811

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

Published: March 9, 2026

Last Updated: March 9, 2026

🔗 References

https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-p2plistfilter-page-buffer-overflow Exploit,Third Party Advisory
https://vuldb.com/?ctiid.349777 Permissions Required,VDB Entry
https://vuldb.com/?id.349777 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.769041 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-3811, you might also want to check these: