HarborGuardharborguardDatabase
Back to search
HIGHCVE-2026-36786Published Modified CNA mitre

CVE-2026-36786: Shenzhen Tenda Technology Co

Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Metrics

CVSS v3.1
7.5
Severity
HIGH
Fixed in
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

A stack-based buffer overflow in the Tenda FH451 router firmware (V1.0.0.9) affects the fromDhcpListClient function, which processes the list1 parameter in HTTP requests. The vulnerability is reachable over the network with no authentication required and no user interaction needed. Successful exploitation crashes the affected service, causing a denial of service. HarborGuard tracks this advisory for patch availability, as no fix version has been published.

HarborGuard Coverage

Detection

Detection for CVE-2026-36786 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream feeds, including custom-built images that bundle Tenda FH451 firmware components. Coverage applies to both registry scans and pipeline-time image checks.

Available
Triage

CVE-2026-36786 is scored at 7.5 HIGH under CVSS v3.1, and HarborGuard surfaces that score alongside per-environment compliance policy weighting to help teams prioritize accordingly. Triage routing is available to direct findings to the appropriate team inbox within each customer organization.

Available
Patch

No upstream fix version has been published for this CVE. HarborGuard re-checks the advisory each ingest cycle and will make a patched-image rebuild available the moment an upstream fix is released.

Pending upstream

Exploit Conditions

  • Network reachabilityRequired

    The vulnerable HTTP endpoint must be reachable over the network; an attacker sends a crafted HTTP request directly to the device.

  • AuthenticationNot required

    No credentials or session token are needed to trigger the overflow; the affected endpoint accepts unauthenticated requests.

  • Victim interactionNot required

    No user action is required; the attacker interacts with the service directly without involving a logged-in user.

  • Attack complexityDetail

    Exploit conditions are straightforward and reliable, requiring no race conditions, special memory layout, or environmental prerequisites.

Blast Radius

  • Crashes the fromDhcpListClient handler, taking down the affected service process.
  • Renders the router unresponsive to DHCP client management requests, disrupting network connectivity for devices relying on the router.
  • No confidentiality or integrity impact is indicated; the attacker gains no access to stored data or the ability to modify configuration.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-36786 is active across customer environments, matching affected image layers as soon as the advisory is ingested. Because no upstream fix has been published, no patched-image rebuild is currently available. In the meantime, HarborGuard re-checks the advisory on every ingest cycle and will make a rebuild available automatically once Tenda publishes a fix. For environments where compliance policy permits, compensating controls worth considering include network-policy isolation to restrict inbound HTTP access to the FH451 management interface, egress filtering to limit exposure of affected devices, and flagging the image for hold in deployment pipelines until a patch is available.

See how HarborGuard automates this
Affected packages
  • n/a / n/a
    n/a
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References