CVE-2026-36789 | Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23… | CVSS 7.5 HIGH

Description

Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Metadata

CVE ID: CVE-2026-36789
State: PUBLISHED
Assigner: mitre
Reserved: 2026-04-06 00:00 UTC
Published: 2026-06-08 00:00 UTC
Last updated: 2026-06-08 18:22 UTC
Primary CWE: CWE-121
CWE-121 Stack-based Buffer Overflow
Vendor / Product: n/a / n/a
Sources: cve.org · NVD

Severity & Metrics

7.5 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
n/a	n/a	—	n/a

Weakness (CWE)

CWE	Source	Description
—	cna	n/a
CWE-121	adp	CWE-121 Stack-based Buffer Overflow

CVSS scores (1)

Score	Severity	Version	Source	Vector
7.5	HIGH	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (1)

https://github.com/xhh0124/SemVulLLM/tree/main/AC1206/fromGstDhcpSetSer