CVE-2026-3807 is a stack-based buffer overflow vulnerability identified in the Tenda FH1202 router firmware version 1.2.0.14(408). The vulnerability resides in the formWrlsafeset function, specifically in the /goform/AdvSetWrlsafeset endpoint, which processes wireless security settings. The flaw arises due to insufficient bounds checking when handling the mit_ssid and mit_ssid_index parameters, allowing an attacker to send crafted requests that overflow the stack buffer. This overflow can overwrite critical memory regions, potentially enabling arbitrary code execution or causing denial of service. The attack vector is remote network access, requiring no authentication or user interaction, which significantly lowers the barrier for exploitation. The vulnerability has been assigned a CVSS 4.0 score of 8.7, indicating high severity with high impact on confidentiality, integrity, and availability. Although no confirmed exploits are currently active in the wild, public disclosure of exploit code increases the likelihood of future attacks. The vulnerability affects only the specific firmware version 1.2.0.14(408) of the Tenda FH1202 model, a consumer-grade wireless router commonly used in small office and home environments. The lack of an official patch or mitigation guidance from the vendor at this time increases the urgency for affected users to implement interim protective measures.

The impact of CVE-2026-3807 is significant for organizations and individuals using the Tenda FH1202 router with the vulnerable firmware. Successful exploitation can lead to remote code execution, allowing attackers to gain full control over the device. This can result in interception or manipulation of network traffic, unauthorized access to internal networks, disruption of internet connectivity, and potential pivoting to other internal systems. The compromise of network infrastructure devices like routers can severely undermine organizational security postures, leading to data breaches, espionage, or service outages. Given the remote, unauthenticated attack vector, attackers can exploit this vulnerability from anywhere on the internet, increasing the risk to exposed devices. The absence of patches or mitigations from the vendor further exacerbates the threat, leaving many devices vulnerable. The impact extends to confidentiality, integrity, and availability of network communications, making this a critical risk for both home users and small to medium enterprises relying on this hardware.

1. Immediate mitigation should include isolating the affected Tenda FH1202 devices from untrusted networks, especially the internet, to reduce exposure to remote attacks. 2. Network administrators should implement strict firewall rules to block access to the /goform/AdvSetWrlsafeset endpoint or restrict management interfaces to trusted IP addresses only. 3. Monitor network traffic for unusual requests targeting the vulnerable endpoint or abnormal router behavior indicative of exploitation attempts. 4. If possible, downgrade or upgrade the firmware to a version not affected by this vulnerability; if no official patch is available, consider replacing the device with a more secure alternative. 5. Employ network segmentation to limit the impact of a compromised router on critical internal systems. 6. Regularly audit and update router configurations to disable unnecessary services and enforce strong administrative credentials. 7. Stay informed about vendor advisories and apply patches promptly once released. 8. Consider deploying intrusion detection/prevention systems capable of identifying exploit attempts targeting this vulnerability.