CVE-2026-5045: Stack-based Buffer Overflow in Tenda FH1201
A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
AI Analysis
Technical Summary
This vulnerability affects Tenda FH1201 firmware version 1.2.0.14(408) in the Parameter Handler component, specifically the WrlclientSet function accessed via /goform/WrlclientSet. An attacker can remotely manipulate the GO argument to cause a stack-based buffer overflow, potentially leading to arbitrary code execution or denial of service. The vulnerability is remotely exploitable without requiring user interaction. Public exploit code is available, increasing the risk of exploitation. No official patch or remediation information is provided in the available data.
Potential Impact
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on the affected device. Given the high CVSS score (8.7) and the availability of public exploit code, the risk to affected devices is significant. The vulnerability does not require user interaction and can be triggered remotely, increasing its severity.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or fix information is provided, users should monitor Tenda's official channels for updates. Until a patch is available, restricting remote access to the device's management interface and applying network-level protections to limit exposure may help reduce risk.
CVE-2026-5045: Stack-based Buffer Overflow in Tenda FH1201
Description
A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects Tenda FH1201 firmware version 1.2.0.14(408) in the Parameter Handler component, specifically the WrlclientSet function accessed via /goform/WrlclientSet. An attacker can remotely manipulate the GO argument to cause a stack-based buffer overflow, potentially leading to arbitrary code execution or denial of service. The vulnerability is remotely exploitable without requiring user interaction. Public exploit code is available, increasing the risk of exploitation. No official patch or remediation information is provided in the available data.
Potential Impact
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on the affected device. Given the high CVSS score (8.7) and the availability of public exploit code, the risk to affected devices is significant. The vulnerability does not require user interaction and can be triggered remotely, increasing its severity.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or fix information is provided, users should monitor Tenda's official channels for updates. Until a patch is available, restricting remote access to the device's management interface and applying network-level protections to limit exposure may help reduce risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-03-27T16:38:40.454Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69c92cf6919ccadcdf22c137
Added to database: 3/29/2026, 1:45:26 PM
Last enriched: 4/6/2026, 9:38:35 AM
Last updated: 5/13/2026, 5:48:16 PM
Views: 115
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.