Description
Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-08
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the fromGstDhcpSetSer function of the Tenda AC1206 firmware where multiple stack overflows can be triggered by supplying crafted username and password values. These overflows corrupt the stack and cause the device to crash, resulting in a denial of service. The flaw does not provide remote code execution or unauthorized access, but it disables the device’s management interface until it is rebooted.

Affected Systems

Shenzhen Tenda Technology Co., Ltd’s Tenda AC1206 wireless router running firmware version v15.03.06.23 is affected. No other versions, vendors, or products were listed in the advisory.

Risk and Exploitability

Based on the description, the likely attack vector is the network: an attacker sends a specially crafted HTTP request to the device. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. The CVSS score of 7.5 indicates high severity, and the DoS impact is significant for any organization that relies on continuous network connectivity. Organizations should treat the flaw as a high‑priority issue until a patch is applied.

Generated by OpenCVE AI on June 8, 2026 at 22:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Acquire and install the latest firmware update from Tenda that removes the vulnerable fromGstDhcpSetSer code.
  • Configure network firewalls or ACLs to restrict which IP addresses can reach the router’s management HTTP interface, reducing exposure to malicious requests.
  • As an interim measure, reboot the device frequently or reset it to factory defaults if a DoS event occurs, and monitor traffic for repeated attempts to trigger the overflow.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda ac1206
Vendors & Products Tenda
Tenda ac1206

Mon, 08 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Title Stack Overflow Vulnerabilities in Tenda AC1206 fromGstDhcpSetSer Function Allow DoS
Weaknesses CWE-120

Mon, 08 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 08 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Title Stack Overflow Vulnerabilities in Tenda AC1206 fromGstDhcpSetSer Function Allow DoS
Weaknesses CWE-120

Mon, 08 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-08T18:22:15.207Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36789

Vulnrichment

Updated: 2026-06-08T18:22:10.571Z

NVD

Status: Deferred

Published: 2026-06-08T15:16:45.660

Modified: 2026-06-09T13:57:49.980

Link: CVE-2026-36789

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T08:57:57Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow