Sign-up

ID

VAR-202603-1428


CVE

CVE-2026-4042


TITLE

Shenzhen Tenda Technology Co.,Ltd. of I12  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-009917

DESCRIPTION

A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. This manipulation of the argument index causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The exploit is publicly available and could be used to carry out attacks.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely

Trust: 1.62

sources: NVD: CVE-2026-4042 // JVNDB: JVNDB-2026-009917

AFFECTED PRODUCTS

vendor:tendamodel:i12scope:eqversion:1.0.0.6\(2204\)

Trust: 1.0

vendor:tendamodel:i12scope: - version: -

Trust: 0.8

vendor:tendamodel:i12scope:eqversion:i12 firmware 1.0.0.6¥(2204¥)

Trust: 0.8

vendor:tendamodel:i12scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-009917 // NVD: CVE-2026-4042

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-4042
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-009917
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-4042
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-009917
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-4042
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-009917
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-009917 // NVD: CVE-2026-4042

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-009917 // NVD: CVE-2026-4042

PATCH

title://vuldb.com/?submit.769463url:https://github.com/Jimi-Lab/cve/issues/2

Trust: 0.8

sources: JVNDB: JVNDB-2026-009917

EXTERNAL IDS

db:NVDid:CVE-2026-4042

Trust: 2.6

db:VULDBid:350654

Trust: 1.0

db:JVNDBid:JVNDB-2026-009917

Trust: 0.8

sources: JVNDB: JVNDB-2026-009917 // NVD: CVE-2026-4042

REFERENCES

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://vuldb.com/?id.350654

Trust: 1.0

url:https://vuldb.com/?ctiid.350654

Trust: 1.0

url:https://vuldb.com/?submit.769463

Trust: 1.0

url:https://github.com/jimi-lab/cve/issues/2

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-4042

Trust: 0.8

sources: JVNDB: JVNDB-2026-009917 // NVD: CVE-2026-4042

SOURCES

db:JVNDBid:JVNDB-2026-009917
db:NVDid:CVE-2026-4042

LAST UPDATE DATE

2026-04-07T23:25:07.158000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-009917date:2026-04-06T02:56:00
db:NVDid:CVE-2026-4042date:2026-04-02T20:04:42.220

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-009917date:2026-04-06T00:00:00
db:NVDid:CVE-2026-4042date:2026-03-12T15:16:34.180