Description
Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-05
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a stack overflow in the page parameter of the fromDhcpListClient function, allowing an attacker to send a crafted HTTP request that corrupts the program stack and causes the router firmware to crash. This aborts all operations on the device, rendering it unavailable and potentially disrupting the local network. The weakness corresponds to improper handling of buffer or data (CWE‑119).

Affected Systems

The vulnerable product is the Shenzhen Tenda Technology Co., Ltd Tenda FH451 router running firmware version 1.0.0.9. No other vendors or products are listed as affected.

Risk and Exploitability

EPSS information is not available and the vulnerability is not listed in CISA’s KEV catalog, so an exact exploitation likelihood cannot be quantified. The defect lies in a network‑exposed function, and an attacker can trigger it remotely by crafting a malicious HTTP request. While there is no documented exploit, the remote nature of the attack and the DoS impact suggest a moderate risk for environments where the device is exposed to untrusted networks.

Generated by OpenCVE AI on June 5, 2026 at 22:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the FH451 firmware to the latest release that includes a patch for the stack overflow.
  • If no firmware update is available, configure network firewalls or ACLs to block or rate‑limit HTTP traffic to the /fromDhcpListClient endpoint, preventing malicious page parameters from reaching the router.
  • Monitor the device for abnormal reboots or crash logs and validate that the device remains operational after applying the firmware update or firewall rule.

Generated by OpenCVE AI on June 5, 2026 at 22:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title Stack Overflow in Tenda FH451 fromDhcpListClient Causes DoS via Crafted HTTP Requests
Weaknesses CWE-119

Fri, 05 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-05T20:20:09.893Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36785

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-05T21:16:30.223

Modified: 2026-06-05T21:16:30.223

Link: CVE-2026-36785

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T22:30:06Z

Weaknesses