Home / Vulnerability Intelligence / CVE-2026-5046

CVE-2026-5046 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 30, 2026

Tenda FH1201 - Buffer Overflow

Published: March 29, 2026Updated: March 30, 2026PoC AvailableRemote Exploitable

Overview

Tenda FH1201 1.2.0.14(408) contains a stack-based buffer overflow caused by manipulation of the "GO" argument in /goform/WrlExtraSet Parameter Handler, letting remote attackers execute code, exploit requires crafted request.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 7.6%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary code, potentially leading to full system compromise.

Mitigation

Update to the latest version.

References

Social Media Activity(2 posts)

Offensive Sequence

@offseq

Mar 30, 2026

⚠️ CVE-2026-5046 (HIGH): Tenda FH1201 v1.2.0.14(408) suffers stack-based buffer overflow via /goform/WrlExtraSet. Public exploit available — restrict remote access, monitor logs, and segment affected devices. https://radar.offseq.com/threat/cve-2026-5046-stack-based-buffer-overflow-in-tenda-7d25f76d #OffSeq #Infosec #RouterSecurity

View original post

TheHackerWire

@thehackerwire

Mar 29, 2026

🟠 CVE-2026-5046 - High (8.8) A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component Parameter Handler. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5046/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-5046
Severity: High
CVSS Score: 8.8
Type: buffer_overflow
Status: confirmed
EPSS: 7.6%
Social Posts: 2

CWE

CWE-119

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

7.6%Probability of exploitation in the next 30 days