Tenda FH1201 Stack-Based Buffer Overflow Vulnerability in WrlclientSet Function

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Tenda FH1201 router, specifically in version 1.2.0.14(408). The issue arises in the WrlclientSet function within the Parameter Handler component. The vulnerability is triggered by manipulating the GO parameter in a POST request to the /goform/WrlclientSet endpoint. This buffer overflow can be exploited remotely, potentially leading to unauthorized memory access and execution of arbitrary code.

Impact

Successful exploitation overflows a buffer on the stack, which can be used to execute arbitrary code or cause a denial-of-service condition on the device.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/WrlclientSet endpoint. The request must include a GO parameter filled with a payload that exceeds the buffer's capacity, effectively overwriting adjacent memory on the stack.
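A defender-side check for the request shape described above, as an added example that is not part of the original advisory: it flags POST requests to /goform/WrlclientSet whose decoded GO value is longer than a threshold. The threshold MAX_GO_LEN, the function name inspect_request and the sample requests are assumptions; the advisory does not state the buffer's size.

```python
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/goform/WrlclientSet"  # endpoint named in the advisory
PARAM = "GO"                       # parameter named in the advisory
MAX_GO_LEN = 64                    # assumption: the page does not state the buffer size


def inspect_request(raw: bytes, max_len: int = MAX_GO_LEN):
    """Return (suspicious, reason) for one raw HTTP/1.x request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3:
        return False, "unparseable request line"
    method, target, _version = parts
    url = urlsplit(target)
    if method.upper() != "POST" or url.path.rstrip("/") != ENDPOINT:
        return False, "not the affected endpoint"
    # latin-1 maps one byte to one character, so len() counts decoded bytes,
    # whether they arrived raw or percent-encoded.
    form = url.query + "&" + body.decode("latin-1")
    pairs = parse_qsl(form, keep_blank_values=True, encoding="latin-1")
    # A repeated GO parameter is judged by its longest occurrence.
    lengths = [len(value) for key, value in pairs if key == PARAM]
    if not lengths:
        return False, "no GO parameter"
    longest = max(lengths)
    if longest > max_len:
        return True, f"GO length {longest} exceeds {max_len}"
    return False, f"GO length {longest} within limit"


# Constructed sample requests (not captured traffic).
_HDR = (b"POST /goform/WrlclientSet HTTP/1.1\r\nHost: 192.0.2.1\r\n"
        b"Content-Type: application/x-www-form-urlencoded\r\n\r\n")
SAMPLES = {
    "normal": _HDR + b"GO=status.asp",
    "oversized": _HDR + b"GO=" + b"%41" * 200,
    "repeated": _HDR + b"GO=a&GO=" + b"B" * 100,
    "other_endpoint": _HDR.replace(b"WrlclientSet", b"Other") + b"GO=" + b"A" * 200,
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(name, inspect_request(req))
```

Tune the threshold against the longest GO value seen in legitimate traffic to the device's management interface before using the check to alert or block.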

Added: Mar 29, 2026, 2:19 PM
Updated: Mar 29, 2026, 2:19 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 10.0
exploitability: 8.5
remediation: 7.7
relevance: 4.9
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.