CVE-2026-7034: Tenda FH1202 Router Hit by High-Severity Buffer Overflow
The National Vulnerability Database has disclosed CVE-2026-7034, a high-severity stack-based buffer overflow vulnerability impacting the Tenda FH1202 1.2.0.14(408) router. This flaw resides within the WrlExtraSet function of the /goform/WrlExtraSet component, specifically within the httpd service. Attackers can trigger this vulnerability by manipulating the Go argument, leading to remote code execution or denial of service.
Rated with a CVSS score of 8.8 (High), this vulnerability is critical. The attack vector is network-based, requires low privileges, and does not necessitate user interaction. This makes it highly attractive to adversaries, especially considering the exploit has been made public. Unpatched routers are exposed to significant risk.
For defenders, this is a clear call to action. Tenda FH1202 routers, commonly found in home and small office environments, are often internet-facing and rarely patched. Attackers prioritize these devices because they represent easily exploitable entry points into networks. Expect to see this vulnerability weaponized quickly by opportunistic actors scanning for vulnerable devices.
What This Means For You
- If your organization or employees use Tenda FH1202 routers, especially the 1.2.0.14(408) firmware, immediate action is required. This is a public exploit for an internet-facing device. Patch or replace these devices immediately. Assume compromise if you cannot confirm patching.
Related ATT&CK Techniques
🛡️ Detection Rules
5 rules · 6 SIEM formats5 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
Web Application Exploitation Attempt — CVE-2026-7034
title: Web Application Exploitation Attempt — CVE-2026-7034
id: scw-2026-04-26-1
status: experimental
level: high
description: |
Detects common exploitation patterns targeting web applications. Review CVE-2026-7034 advisories for specific indicators.
author: SCW Feed Engine (auto-generated)
date: 2026-04-26
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-7034/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri-query|contains:
- '..'
- 'SELECT'
- 'UNION'
- '<script'
- 'cmd='
- '/etc/passwd'
condition: selection
falsepositives:
- Legitimate activity from CVE-2026-7034
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7034 | Buffer Overflow | Tenda FH1202 version 1.2.0.14(408) |
| CVE-2026-7034 | Buffer Overflow | Vulnerable function: WrlExtraSet in /goform/WrlExtraSet |
| CVE-2026-7034 | Buffer Overflow | Vulnerable component: httpd |
| CVE-2026-7034 | Buffer Overflow | Manipulation of argument: Go |
| CVE-2026-7034 | Buffer Overflow | Attack vector: Remote |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 26, 2026 at 15:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-7039: tufantunc ssh-mcp Local Command Injection Exposed
CVE-2026-7039 — A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts....
CVE-2026-7037: Totolink A8000RU Critical OS Command Injection
CVE-2026-7037 — A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component...
Tenda i9 Path Traversal (CVE-2026-7036) Exposes Networks to Remote Exploitation
CVE-2026-7036 — A vulnerability was identified in Tenda i9 1.0.0.5(2204). This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to...