CVE-2026-3809
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.
Analysis
Stack-based buffer overflow in Tenda FH1202 firmware version 1.2.0.14(408) allows remote authenticated attackers to achieve complete system compromise through manipulation of the page parameter in the /goform/NatStaticSetting function. Public exploit code exists for this vulnerability and no patch is currently available. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Tenda FH1202 devices running firmware 1.2.0.14(408) and isolate affected units from production networks if possible. Within 7 days: Implement network segmentation to restrict access to the vulnerable /goform/NatStaticSetting endpoint and apply WAF rules to block exploitation attempts. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today