CVE-2026-5036 identifies a stack-based buffer overflow vulnerability in the Tenda 4G06 router firmware version 04.06.01.29. The vulnerability resides in the fromDhcpListClient function of the /goform/DhcpListClient endpoint, part of the router's endpoint component. Specifically, the vulnerability is triggered by manipulating the 'page' argument passed to this function, which is not properly validated or bounds-checked, leading to a stack overflow condition. This overflow can overwrite critical control data on the stack, enabling an attacker to execute arbitrary code remotely. The attack vector is network-based, requiring no authentication or user interaction, making it highly accessible to remote adversaries. The CVSS 4.0 base score is 8.7 (high), reflecting the ease of exploitation (network attack vector, low complexity), lack of required privileges or user interaction, and the severe impact on confidentiality, integrity, and availability. Although no confirmed exploits in the wild have been reported, the public availability of exploit code increases the likelihood of exploitation attempts. This vulnerability could allow attackers to take full control of affected devices, potentially leading to network compromise, data interception, or disruption of services. The affected product, Tenda 4G06, is a 4G LTE router commonly used in residential and small business environments, often deployed in regions where Tenda has market presence. The lack of an official patch link in the provided data suggests that mitigation or firmware updates may not yet be available, emphasizing the need for interim protective measures.

The impact of CVE-2026-5036 is significant for organizations using Tenda 4G06 routers, as exploitation can lead to full device compromise. This includes unauthorized remote code execution, allowing attackers to control the device, intercept or manipulate network traffic, and potentially pivot to internal networks. Confidentiality is at risk due to possible data interception; integrity is compromised through unauthorized changes to device configuration or firmware; availability may be disrupted by device crashes or malicious reconfiguration. Given the router's role as a network gateway, exploitation could facilitate broader network intrusions or denial of service attacks. Small businesses and residential users relying on this device may face service outages or data breaches. The public availability of exploit code increases the risk of automated attacks and widespread exploitation, especially in environments where devices remain unpatched. The absence of authentication requirements and user interaction lowers the barrier for attackers, making this vulnerability particularly dangerous in exposed network environments.

1. Immediate mitigation should include isolating affected Tenda 4G06 devices from untrusted networks to reduce exposure. 2. Monitor network traffic for unusual activity targeting the /goform/DhcpListClient endpoint, particularly malformed requests manipulating the 'page' parameter. 3. Employ network-level protections such as firewalls or intrusion prevention systems (IPS) to block or alert on suspicious packets directed at the vulnerable endpoint. 4. Check with Tenda for firmware updates or security advisories addressing this vulnerability and apply patches promptly once available. 5. If patches are unavailable, consider replacing affected devices with models not vulnerable to this issue. 6. Implement network segmentation to limit the impact of a compromised device. 7. Regularly audit device configurations and logs for signs of compromise. 8. Educate users and administrators about the risk and signs of exploitation. 9. Disable remote management features if not required to reduce attack surface. 10. Use VPNs or secure tunnels for remote access to reduce direct exposure of vulnerable endpoints.