CVE-2026-5036

EUVD-2026-16981
A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhcpListClient of the file /goform/DhcpListClient of the component Endpoint. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
tenda4g06_firmware
04.06.01.29
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Kiciot/cve/issues/1
https://vuldb.com/submit/778625
https://vuldb.com/vuln/353962
https://vuldb.com/vuln/353962/cti
https://www.tenda.com.cn/