Tenda 4G06 Router Stack-Based Buffer Overflow Vulnerability (CVE-2026-5036)
A stack-based buffer overflow vulnerability (CVE-2026-5036) exists in the fromDhcpListClient function of the Tenda 4G06 router (version 04.06.01.29), potentially allowing remote attackers to execute arbitrary code by manipulating the 'page' argument in the /goform/DhcpListClient endpoint.
A stack-based buffer overflow vulnerability, identified as CVE-2026-5036, affects the Tenda 4G06 router, specifically version 04.06.01.29. The vulnerability resides in the fromDhcpListClient function within the /goform/DhcpListClient endpoint. A remote attacker can exploit this by crafting a malicious request that manipulates the page argument, leading to a buffer overflow on the stack. This could allow the attacker to potentially execute arbitrary code on the device. Given the…
Detection coverage 2
Detect Tenda 4G06 Buffer Overflow Attempt via Long Page Parameter
highDetects potential exploitation attempts of CVE-2026-5036 by monitoring for unusually long page parameters in requests to /goform/DhcpListClient.
Detect Access to Tenda 4G06 Configuration Endpoint
infoDetects access to the /goform/DhcpListClient endpoint which is vulnerable to buffer overflow.
Detection queries are kept inside the platform. Get full rules →