HIGH | CVE-2026-36785 | CNA: mitre

CVE-2026-36785: Shenzhen Tenda Technology Co

Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Metrics

  • CVSS v3.1: 7.5
  • Severity: HIGH
  • Fixed in: none published
  • Affected Products: 1

HarborGuard Analysis

Synopsis

A stack-based buffer overflow exists in the Tenda FH451 router firmware (V1.0.0.9), specifically in the fromDhcpListClient function where the page parameter is not properly bounds-checked. The vulnerability is reachable over the network with no authentication required and no user interaction needed. Successful exploitation crashes the affected service, causing a denial of service. HarborGuard tracks this advisory and will make a patched-image rebuild available as soon as an upstream fix is published.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment - the CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built images that incorporate affected Tenda FH451 firmware components. Any image in a connected registry or CI pipeline that carries the vulnerable V1.0.0.9 firmware version is flagged automatically.

Status: Available

Triage

HarborGuard scores this finding at CVSS 7.5 (HIGH) and surfaces it with per-environment compliance policy weighting so teams with strict availability requirements see it prioritized accordingly. Routing to the appropriate team inbox within each customer organization is handled automatically based on policy configuration.

Status: Available

Patch

No fix version has been published for CVE-2026-36785 - HarborGuard re-checks the upstream advisory each ingest cycle and will make a patched-image rebuild available the moment the vendor ships a fix. In the meantime, customers can apply compensating controls such as network-policy isolation to restrict HTTP access to the device management interface.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The vulnerable HTTP endpoint is exposed over the network, so an attacker must be able to send HTTP requests to the device to trigger the overflow.

  • Authentication: Not required

    No credentials or session token are needed; the overflow is reachable by any unauthenticated HTTP request.

  • Victim interaction: Not required

    No user action is needed on the target device; the attacker sends a crafted request directly to the service.

  • Attack complexity: Detail

    The exploit is reliable and condition-free - no race conditions or special memory layout are required to trigger the overflow.

Blast Radius

  • Crashes the service that runs the fromDhcpListClient function on the Tenda FH451, taking down DHCP client list functionality.
  • A sustained stream of crafted requests keeps the device unavailable, disrupting network connectivity for clients that depend on it.
  • No confidentiality or data-integrity impact is indicated by the CVSS vector; the impact is limited to availability loss.

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix exists yet, HarborGuard continuously monitors the advisory and will trigger a patched-image rebuild automatically the moment the vendor publishes a fix version. For environments with auto-remediation enabled, that rebuild will be followed by a regression-test run and a PR opened against affected workloads without manual intervention. While waiting for a vendor patch, compensating controls worth considering include applying network policies that restrict inbound HTTP access to the FH451 management interface to trusted subnets only, and enabling egress filtering to reduce the device's exposure surface. The finding remains open in the HarborGuard dashboard with its HIGH severity rating until a fix is confirmed upstream.

Affected packages
  • n/a / n/a
    n/a
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H