CVE-2026-36789
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk49th percentile - higher than 49% of all known CVEs
Summary
Multiple stack overflows were discovered in the fromGstDhcpSetSer function in Tenda AC1206 version 15.03.06.23, triggered by the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Risk Assessment
The organization may experience service outages, leading to disruptions in operations and potential loss of customer trust.
Recommendation
It is recommended to update the device firmware to the latest version to mitigate these vulnerabilities and to monitor network traffic for potential attacks.
Original NVD description (English source)
Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

