Sign-up

ID

VAR-202603-1207


CVE

CVE-2026-3809


TITLE

Shenzhen Tenda Technology Co.,Ltd. of FH1202  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-006525

DESCRIPTION

A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used. This attack is remotely executable and a publicly available exploit is available for malicious use.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-3809 // JVNDB: JVNDB-2026-006525

AFFECTED PRODUCTS

vendor:tendamodel:fh1202scope:eqversion:1.2.0.14\(408\)

Trust: 1.0

vendor:tendamodel:fh1202scope:eqversion: -

Trust: 0.8

vendor:tendamodel:fh1202scope:eqversion:fh1202 firmware 1.2.0.14¥(408¥)

Trust: 0.8

vendor:tendamodel:fh1202scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-006525 // NVD: CVE-2026-3809

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-3809
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-006525
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-3809
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-006525
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-3809
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-006525
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-006525 // NVD: CVE-2026-3809

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-006525 // NVD: CVE-2026-3809

PATCH

title:Submit #769039url:https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-natsaticsetting-page-buffer-overflow

Trust: 0.8

sources: JVNDB: JVNDB-2026-006525

EXTERNAL IDS

db:NVDid:CVE-2026-3809

Trust: 2.6

db:VULDBid:349775

Trust: 1.0

db:JVNDBid:JVNDB-2026-006525

Trust: 0.8

sources: JVNDB: JVNDB-2026-006525 // NVD: CVE-2026-3809

REFERENCES

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://github.com/svigo-o/tenda_vul/tree/main/tenda-fh1202-natsaticsetting-page-buffer-overflow

Trust: 1.0

url:https://vuldb.com/?ctiid.349775

Trust: 1.0

url:https://vuldb.com/?submit.769039

Trust: 1.0

url:https://vuldb.com/?id.349775

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-3809

Trust: 0.8

sources: JVNDB: JVNDB-2026-006525 // NVD: CVE-2026-3809

SOURCES

db:JVNDBid:JVNDB-2026-006525
db:NVDid:CVE-2026-3809

LAST UPDATE DATE

2026-03-12T23:37:44.162000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-006525date:2026-03-11T06:58:00
db:NVDid:CVE-2026-3809date:2026-03-09T15:30:24.130

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-006525date:2026-03-11T00:00:00
db:NVDid:CVE-2026-3809date:2026-03-09T08:16:01.263