{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5036/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-5036","buffer-overflow","router","tenda"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA stack-based buffer overflow vulnerability, identified as CVE-2026-5036, affects the Tenda 4G06 router, specifically version 04.06.01.29. The vulnerability resides in the \u003ccode\u003efromDhcpListClient\u003c/code\u003e function within the \u003ccode\u003e/goform/DhcpListClient\u003c/code\u003e endpoint. A remote attacker can exploit this by crafting a malicious request that manipulates the \u003ccode\u003epage\u003c/code\u003e argument, leading to a buffer overflow on the stack. This could allow the attacker to potentially execute arbitrary code on the device. Given the…\u003c/p\u003e\n","date_modified":"2026-03-29T08:15:56Z","date_published":"2026-03-29T08:15:56Z","id":"/briefs/2026-03-tenda-4g06-bo/","summary":"A stack-based buffer overflow vulnerability (CVE-2026-5036) exists in the fromDhcpListClient function of the Tenda 4G06 router (version 04.06.01.29), potentially allowing remote attackers to execute arbitrary code by manipulating the 'page' argument in the /goform/DhcpListClient endpoint.","title":"Tenda 4G06 Router Stack-Based Buffer Overflow Vulnerability (CVE-2026-5036)","url":"https://feed.craftedsignal.io/briefs/2026-03-tenda-4g06-bo/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-5036","version":"https://jsonfeed.org/version/1.1"}