CVE-2026-4041 is a stack-based buffer overflow vulnerability identified in the Tenda i12 router firmware version 1.0.0.6(2204). The vulnerability arises from improper bounds checking in the vos_strcpy function, specifically in the /goform/exeCommand endpoint, which processes the cmdinput parameter. An attacker can remotely send a specially crafted request to this endpoint, causing a stack overflow by exceeding the buffer size allocated for cmdinput. This overflow can overwrite the stack, potentially allowing arbitrary code execution, privilege escalation, or denial of service. The vulnerability requires no authentication and no user interaction, making it highly exploitable over the network. The CVSS 4.0 score of 8.7 reflects its high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. While no active exploitation has been reported, the availability of a public exploit increases the likelihood of attacks. The affected product, Tenda i12, is a consumer and small office router, commonly used in various regions worldwide. The lack of an official patch at the time of disclosure necessitates immediate mitigation efforts to reduce risk.

The vulnerability allows remote attackers to execute arbitrary code on affected Tenda i12 routers, potentially leading to full device compromise. This can result in unauthorized access to internal networks, interception or manipulation of network traffic, and disruption of network services. The compromise of routers can serve as a foothold for lateral movement within corporate or home networks, enabling further attacks on connected devices. The impact extends to confidentiality breaches, integrity violations through malicious firmware or configuration changes, and availability issues due to device crashes or reboots. Organizations relying on these routers for critical connectivity, including small businesses and home offices, face significant operational and security risks. The public availability of an exploit increases the urgency for mitigation to prevent widespread exploitation.

1. Immediately isolate affected Tenda i12 devices from untrusted networks to reduce exposure. 2. Monitor network traffic for unusual requests targeting the /goform/exeCommand endpoint, especially those containing suspicious cmdinput parameters. 3. Employ network-level filtering or firewall rules to block or restrict access to the vulnerable endpoint from external sources. 4. Regularly check for and apply official firmware updates or patches from Tenda as they become available. 5. If patching is not immediately possible, consider replacing affected devices with models from vendors with timely security support. 6. Implement network segmentation to limit the impact of compromised routers on internal networks. 7. Conduct vulnerability scans and penetration tests to identify and remediate similar weaknesses in network infrastructure. 8. Educate users and administrators about the risks and signs of router compromise to enable rapid detection and response.