Description
Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-08
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the fromGstDhcpSetSer function of the Tenda AC1206 firmware where multiple stack overflows can be triggered by supplying crafted username and password values. These overflows corrupt the stack and cause the device to crash, resulting in a denial of service. The flaw does not provide remote code execution or unauthorized access, but it disables the device’s management interface until it is rebooted.

Affected Systems

Shenzhen Tenda Technology Co., Ltd’s Tenda AC1206 wireless router running firmware version v15.03.06.23 is affected. No other versions, vendors, or products were listed in the advisory.

Risk and Exploitability

No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, but the attack can be performed over the network by sending a specially crafted HTTP request to the device. The lack of a published CVSS score prevents an exact severity rating, yet the DoS impact is significant for any organization that relies on continuous network connectivity. Organizations should treat the flaw as a high‑priority issue until a patch is applied.

Generated by OpenCVE AI on June 8, 2026 at 15:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Acquire and install the latest firmware update from Tenda that removes the vulnerable fromGstDhcpSetSer code.
  • Configure network firewalls or ACLs to restrict which IP addresses can reach the router’s management HTTP interface, reducing exposure to malicious requests.
  • As an interim measure, reboot the device frequently or reset it to factory defaults if a DoS event occurs, and monitor traffic for repeated attempts to trigger the overflow.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 15:45:00 +0000

Type | Values Removed | Values Added
Title | | Stack Overflow Vulnerabilities in Tenda AC1206 fromGstDhcpSetSer Function Allow DoS
Weaknesses | | CWE-120

Mon, 08 Jun 2026 14:30:00 +0000

Type | Values Removed | Values Added
Description | | Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-08T14:10:09.401Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36789

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-08T15:16:45.660

Modified: 2026-06-08T15:16:45.660

Link: CVE-2026-36789

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T15:30:27Z

Weaknesses