Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
Tenda i12 Router: Unsecured Code Allows Remote Attack
CVE-2026-4041
Summary
An attacker can send malicious input to the Tenda i12 router, potentially causing it to crash or execute unauthorized code. This could lead to unauthorized access to the router or other connected devices. Update the firmware to a patched version to protect against this risk.
Original title
A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based ...
Original description
A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026