Stack Overflow in Tenda Router DHCP Client Parameter Handling

CVE-2026-36786 represents a stack overflow vulnerability in Tenda FH451 routers affecting firmware version V1.0.0.9. The vulnerability exists in the fromDhcpListClient function where the list1 parameter fails to properly validate input boundaries, allowing attackers to overflow the stack through a specially crafted HTTP request. This impacts organizations and individuals relying on Tenda FH451 routers for network connectivity and DHCP management. With a CVSS score of 7.5, this vulnerability enables denial of service attacks that can disrupt network availability, making affected routers unavailable until restarted or patched.

While this specific CVE does not map directly to MITRE ATT&CK techniques, Casky's Claude-powered analysis engine would detect attack patterns associated with CWE-121 stack overflow exploitation through behavioral analysis of malformed HTTP requests targeting the fromDhcpListClient function. Practitioners using Casky would observe findings related to memory corruption attempts, unusual parameter lengths in DHCP-related requests, and potential application crashes—indicators that align with broader adversarial techniques like Exploit Public-Facing Application (T1190). The platform's extended reasoning capabilities would correlate these request anomalies with known stack overflow exploitation patterns, enabling security teams to identify reconnaissance or attack attempts before successful exploitation occurs. Organizations should prioritize patching this firmware vulnerability and monitor for suspicious HTTP traffic patterns targeting their Tenda infrastructure.