Stack Overflow in Tenda Router DHCP Configuration Function

CVE-2026-36789 exploits multiple stack overflow vulnerabilities in the fromGstDhcpSetSer function of Tenda AC1206 routers running firmware v15.03.06.23. By crafting HTTP requests with oversized username and password parameters, attackers can overflow the stack and trigger Denial of Service conditions. This vulnerability affects organizations and individuals relying on Tenda AC1206 routers for network connectivity, particularly in small office/home office (SOHO) environments and resource-constrained deployments where patching cycles may be longer. The high CVSS score of 7.5 reflects the ease of exploitation and significant availability impact, making it a critical concern for network infrastructure security.

While this CVE currently maps to zero MITRE ATT&CK techniques, Casky's extended reasoning capabilities excel at identifying the underlying attack infrastructure and reconnaissance patterns that precede stack overflow exploitation. Practitioners using Casky would detect attack signatures related to protocol fuzzing, parameter manipulation, and abnormal HTTP request structures targeting router management interfaces. Claude's reasoning engine can correlate suspicious HTTP activity patterns—including requests with unusual payload sizes in authentication parameters—against baseline network behavior, surfacing indicators of active exploitation attempts. Security teams would observe findings flagging abnormal DHCP configuration requests, repeated failed authentication attempts with oversized credentials, and potential memory corruption indicators, enabling them to identify and isolate compromised or at-risk Tenda devices before widespread DoS impact occurs.