CVE-2026-1329
Published: 22 January 2026
Description
A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the function fromGetWifiGuestBasic of the file /goform/WifiGuestSet. Executing a manipulation of the argument guestWrlPwd/guestEn/guestSsid/hideSsid/guestSecurity can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.
Mitigating Controls (NIST 800-53 r5) (AI)
Directly prevents stack buffer overflows by validating inputs such as guestWrlPwd, guestEn, guestSsid, hideSsid, and guestSecurity in the fromGetWifiGuestBasic function.
Implements memory safeguards like stack canaries, ASLR, and DEP to block unauthorized code execution from stack-based buffer overflows.
Mandates timely flaw remediation through firmware patching to eliminate the specific buffer overflow vulnerability in Tenda AX1803 firmware 1.0.0.1.
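The input-validation control above, sketched as an added C example; it is not Tenda's code and not part of the advisory. The helper names `guest_field_limit` and `copy_guest_field` are hypothetical and the per-field limits are assumptions. Each form value is length-checked against both a field limit and the destination buffer before it is copied, and an oversized value is rejected rather than truncated.

```c
#include <stdio.h>
#include <string.h>

/* Assumed per-field maximum lengths in bytes (not taken from the advisory or
 * from Tenda firmware). 32 is the 802.11 SSID limit, 63 the longest WPA
 * passphrase; the flag and mode limits are illustrative. */
struct field_limit { const char *name; size_t max_len; };

static const struct field_limit GUEST_LIMITS[] = {
    { "guestSsid", 32 }, { "guestWrlPwd", 63 }, { "guestEn", 1 },
    { "hideSsid", 1 },   { "guestSecurity", 16 },
};

/* Return the limit for a known field, or 0 if the field is not allowed. */
size_t guest_field_limit(const char *name)
{
    size_t n = sizeof GUEST_LIMITS / sizeof GUEST_LIMITS[0];
    for (size_t i = 0; i < n; i++)
        if (strcmp(GUEST_LIMITS[i].name, name) == 0)
            return GUEST_LIMITS[i].max_len;
    return 0;
}

/* Copy value into dst only if it is within the field limit and fits in
 * dst_size including the terminator. Returns 0 on success, -1 on rejection;
 * on rejection dst holds an empty string, never a truncated value. */
int copy_guest_field(const char *name, const char *value,
                     char *dst, size_t dst_size)
{
    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (name == NULL || value == NULL)
        return -1;
    size_t limit = guest_field_limit(name);
    size_t len = 0;
    while (len <= limit && value[len] != '\0')   /* bounded length scan */
        len++;
    if (limit == 0 || len > limit || len >= dst_size)
        return -1;
    memcpy(dst, value, len + 1);                 /* includes the NUL */
    return 0;
}

int main(void)
{
    char ssid[33];                               /* 32 bytes + NUL */
    printf("%d\n", copy_guest_field("guestSsid", "Guest-WiFi", ssid, sizeof ssid));
    return 0;
}
```

The second check, `len >= dst_size`, matters when a caller's buffer is smaller than the field limit: the value is refused even though the field itself would allow it.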
Security Summary (AI)
CVE-2026-1329 is a stack-based buffer overflow vulnerability affecting the Tenda AX1803 router on firmware version 1.0.0.1. The issue lies in the fromGetWifiGuestBasic function within the /goform/WifiGuestSet file, where manipulation of arguments such as guestWrlPwd, guestEn, guestSsid, hideSsid, or guestSecurity triggers the overflow. It is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable remotely with low attack complexity by an attacker possessing low privileges, without requiring user interaction. Successful exploitation can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution on the affected device.
Advisories and additional details are documented in references including https://river-brow-763.notion.site/Tenda-AX1803-Buffer-Overflow-in-fromGetWifiGusetBasic-2e3a595a7aef80a78225db34317daa40#2e3a595a7aef801ab517e4af5631227a, https://vuldb.com/?ctiid.342305, https://vuldb.com/?id.342305, https://vuldb.com/?submit.736063, and https://vuldb.com/?submit.736064. An exploit has been published and may be used.
The vulnerability was published on 2026-01-22T15:16:54.757, with no further details on real-world exploitation provided in available sources.
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Stack-based buffer overflow in the router's web endpoint (/goform/WifiGuestSet) allows remote exploitation with low privileges for arbitrary code execution, directly enabling T1190: Exploit Public-Facing Application.