CVE-2026-5045 is a stack-based buffer overflow vulnerability identified in the Tenda FH1201 router firmware version 1.2.0.14(408). The flaw exists in the WrlclientSet function within the /goform/WrlclientSet endpoint, part of the parameter handler component responsible for processing configuration inputs. Specifically, the vulnerability is triggered by manipulating the GO argument, which is improperly validated, leading to a stack-based buffer overflow condition. This type of vulnerability allows an attacker to overwrite the call stack, potentially enabling arbitrary code execution or causing a denial of service. The vulnerability is remotely exploitable over the network without requiring authentication or user interaction, making it highly dangerous. The CVSS v4.0 score is 8.7 (high severity), reflecting the ease of exploitation (network vector, low attack complexity), no privileges or user interaction needed, and high impact on confidentiality, integrity, and availability. Although no confirmed exploits in the wild have been reported, a public exploit is available, increasing the likelihood of active exploitation attempts. The affected product, Tenda FH1201, is a consumer and small office/home office (SOHO) router, commonly used in various countries, which broadens the attack surface. The vulnerability's exploitation could allow attackers to gain control over the device, intercept or manipulate network traffic, or pivot into internal networks.

The impact of CVE-2026-5045 is significant for organizations using Tenda FH1201 routers, particularly those with exposed management interfaces accessible from untrusted networks. Successful exploitation can lead to remote code execution, allowing attackers to take full control of the device. This can result in interception of sensitive data, network traffic manipulation, creation of persistent backdoors, or launching further attacks against internal network resources. The compromise of such routers can undermine network confidentiality, integrity, and availability, potentially disrupting business operations and exposing sensitive information. Given the router's role as a gateway device, the vulnerability could serve as a foothold for attackers to infiltrate corporate or home networks. The availability of a public exploit increases the risk of widespread attacks, including automated scanning and exploitation campaigns. Organizations relying on these devices without proper segmentation or monitoring are at heightened risk of compromise.

To mitigate CVE-2026-5045, organizations should immediately check for and apply any official firmware updates or patches released by Tenda addressing this vulnerability. If no patch is available, network administrators should restrict access to the router's management interfaces by implementing network segmentation and firewall rules to limit exposure to trusted networks only. Disabling remote management features or changing default credentials can reduce attack surface. Monitoring network traffic for unusual activity and deploying intrusion detection/prevention systems (IDS/IPS) capable of detecting exploitation attempts targeting this vulnerability is recommended. Additionally, organizations should consider replacing affected devices with models from vendors with more robust security track records if timely patches are unavailable. Regular security audits and vulnerability scanning of network devices can help identify and remediate similar risks proactively. Finally, educating users about the risks of exposed network devices and enforcing strong network security policies will further reduce exploitation likelihood.