Cyber Posture

CVE-2026-3808

Severity: High · Public PoC

Published: 09 March 2026
Modified: 09 March 2026
KEV Added:
Patch:
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (28.5th percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in a stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.

Mitigating Controls (NIST 800-53 r5) (AI-generated)

- prevent: Timely remediation through firmware patching directly eliminates the stack-based buffer overflow vulnerability in the formWebTypeLibrary function.
- prevent: Validating the webSiteId argument ensures proper bounds checking and prevents the stack-based buffer overflow from malformed remote inputs.
- prevent: Memory protection safeguards like stack canaries and address space layout randomization mitigate exploitation of the stack-based buffer overflow even if input validation fails.
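The second control above (bounds checking on the webSiteId argument) is the one a firmware developer can act on directly. The following is an added example written for this page; it is not the Tenda FH1202 firmware code and not from the linked exploit repository. It shows the generic CWE-121 pattern (an unchecked copy of a form field into a fixed-size stack buffer) next to a handler that extracts the field with a length limit and rejects oversized or unexpected values. The buffer size (32 bytes), the `application/x-www-form-urlencoded` body format, the helper names `form_get` and `website_id_accept`, and the alphanumeric-only rule for the id are all assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define WEBSITE_ID_MAX 32   /* assumed size of the handler's stack buffer */

/* Unsafe pattern (CWE-121), constructed for contrast: the value of a form
 * field is copied into a fixed-size stack buffer with no length check.
 * It is never called in this example. */
void website_id_unsafe(const char *value) {
    char buf[WEBSITE_ID_MAX];
    strcpy(buf, value);             /* overflows for values of 32+ bytes */
    printf("unsafe: %s\n", buf);
}

/* Extract the value of `key` from a form body such as "webSiteId=7&lang=en".
 * Copies at most out_len-1 bytes plus a terminator. Returns the value length,
 * or -1 when the key is absent or the value would not fit. An oversized value
 * is rejected outright rather than silently truncated, so the caller cannot
 * proceed with a partial id. */
int form_get(const char *body, const char *key, char *out, size_t out_len) {
    size_t klen = strlen(key);
    const char *p = body;
    while (p && *p) {
        /* keys are only matched at the start of a "key=value" segment */
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *v = p + klen + 1;
            const char *end = strchr(v, '&');
            size_t vlen = end ? (size_t)(end - v) : strlen(v);
            if (vlen >= out_len) return -1;   /* bounds check before the copy */
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return (int)vlen;
        }
        p = strchr(p, '&');
        if (p) p++;
    }
    return -1;
}

/* Hardened handler: bounded extraction plus an allow-list character check.
 * Returns 1 when the id is accepted, 0 when the request must be rejected. */
int website_id_accept(const char *body) {
    char id[WEBSITE_ID_MAX];
    int n = form_get(body, "webSiteId", id, sizeof id);
    if (n <= 0) return 0;                     /* missing, empty or too long */
    for (int i = 0; i < n; i++)
        if (!isalnum((unsigned char)id[i])) return 0;   /* assumed id alphabet */
    return 1;
}

int main(void) {
    /* constructed sample request bodies */
    const char *samples[] = {
        "webSiteId=1024&lang=en",
        "lang=en&webSiteId=site7",
        "webSiteId=",
        "webSiteId=1234;reboot",
        "webSiteId=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-50s -> %s\n", samples[i],
               website_id_accept(samples[i]) ? "accept" : "reject");
    return 0;
}
```

The important design choice is that `form_get` refuses a value that does not fit instead of truncating it: truncation keeps the copy memory-safe but lets a request with a malformed id continue into the rest of the handler, whereas rejection fails closed at the boundary where the untrusted data enters.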

Security Summary (AI-generated)

CVE-2026-3808 is a stack-based buffer overflow vulnerability in the Tenda FH1202 router running firmware version 1.2.0.14(408). The issue resides in the formWebTypeLibrary function within the /goform/webtypelibrary file, where manipulation of the webSiteId argument triggers the overflow. This flaw, associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), has a CVSS v3.1 base score of 8.8, reflecting its high severity.

The vulnerability can be exploited remotely over the network with low complexity and no user interaction required, but it necessitates low privileges (PR:L), such as those of an authenticated user. Successful exploitation allows attackers to achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), potentially enabling arbitrary code execution on the affected device.

References include a public exploit on GitHub at https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-webtypelibrary-websiteid-buffer-overflow, along with VulDB entries (https://vuldb.com/?ctiid.349774, https://vuldb.com/?id.349774, https://vuldb.com/?submit.769023) detailing the issue. The vendor's site (https://www.tenda.com.cn/) is listed, though specific patch or mitigation guidance is not detailed in the provided information.

The exploit is publicly available and may be used, increasing the risk for unpatched Tenda FH1202 devices.

Details

CWE(s)

CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow)

Affected Products

Vendor: tenda
Product: fh1202 firmware
Version: 1.2.0.14(408)

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

The vulnerability is a remotely exploitable buffer overflow in a router's web interface (/goform/webtypelibrary), enabling arbitrary code execution through exploitation of a public-facing application (T1190) or of a remote service (T1210), with a public exploit available.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-webtypelibrary-websiteid-buffer-overflow
https://vuldb.com/?ctiid.349774
https://vuldb.com/?id.349774
https://vuldb.com/?submit.769023
https://www.tenda.com.cn/