CVE-2026-5036

HIGH

Tenda 4G06 Endpoint DhcpListClient fromDhcpListClient stack-based overflow

Title source: cna

Description

A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhcpListClient of the file /goform/DhcpListClient of the component Endpoint. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used.

References (5)

Scores

CVSS v3 8.8
EPSS 0.0004
EPSS Percentile 13.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119 CWE-121
Status published
Products (2)
Tenda/4G06 04.06.01.29
tenda/4g06_firmware 04.06.01.29
Published Mar 29, 2026
Tracked Since Mar 29, 2026