CVE-2026-4042 identifies a stack-based buffer overflow vulnerability in the Tenda i12 router firmware version 1.0.0.6(2204). The vulnerability resides in the formWifiMacFilterGet function, specifically in the handling of the 'index' parameter passed to the /goform/WifiMacFilterGet endpoint. Improper validation or bounds checking of this argument allows an attacker to overwrite the stack memory, leading to a buffer overflow condition. This flaw can be exploited remotely over the network without requiring authentication or user interaction, making it highly accessible to attackers. Successful exploitation could allow arbitrary code execution with elevated privileges, enabling attackers to take full control of the device, disrupt network operations, or pivot into internal networks. The vulnerability has a CVSS 4.0 base score of 8.7, reflecting high impact on confidentiality, integrity, and availability, combined with low attack complexity and no required privileges. Although no active exploitation has been reported, a public exploit is available, increasing the likelihood of future attacks. The absence of official patches or mitigation guidance from the vendor at this time necessitates immediate defensive measures by users and administrators of affected devices.

The impact of CVE-2026-4042 is significant for organizations using Tenda i12 routers, particularly in environments where these devices serve as critical network gateways or infrastructure components. Exploitation could lead to full compromise of the router, allowing attackers to intercept, modify, or disrupt network traffic, degrade service availability, and gain a foothold for lateral movement within internal networks. This could result in data breaches, service outages, and potential disruption of business operations. Given the remote, unauthenticated nature of the exploit, attackers can target vulnerable devices at scale, increasing the risk of widespread impact. Organizations in sectors such as telecommunications, enterprise networking, government, and critical infrastructure that deploy Tenda i12 devices are especially vulnerable. The availability of a public exploit further elevates the threat, as it lowers the barrier for attackers to weaponize this vulnerability.

To mitigate CVE-2026-4042, organizations should immediately identify and isolate all Tenda i12 routers running firmware version 1.0.0.6(2204). Since no official patch is currently available, the following specific actions are recommended: 1) Restrict network access to the management interface (/goform/WifiMacFilterGet) by implementing firewall rules or access control lists limiting access to trusted IP addresses only. 2) Disable remote management features if not required to reduce exposure. 3) Monitor network traffic for unusual requests targeting the vulnerable endpoint to detect potential exploitation attempts. 4) Employ network segmentation to isolate vulnerable devices from sensitive internal networks. 5) Engage with Tenda support or vendor channels to obtain firmware updates or security advisories. 6) Plan for prompt deployment of vendor patches once released. 7) Consider replacing affected devices with models that have confirmed security updates if patching is delayed. 8) Conduct regular vulnerability scanning and penetration testing to verify mitigation effectiveness.