Description
Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-05
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a stack overflow in the page parameter of the fromDhcpListClient function, allowing an attacker to send a crafted HTTP request that corrupts the program stack and causes the router firmware to crash. This aborts all operations on the device, rendering it unavailable and potentially disrupting the local network. The weakness corresponds to stack memory corruption (CWE‑121).

Affected Systems

The vulnerable product is the Shenzhen Tenda Technology Co., Ltd Tenda FH451 router running firmware version 1.0.0.9. No other vendors or products are listed as affected.

Risk and Exploitability

The CVSS score of 7.5 reflects a high severity and the EPSS score of <1% indicates a very low but nonzero likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. It lies in a network‑exposed function, and an attacker can trigger it remotely by crafting a malicious HTTP request. While no exploit is documented, the remote nature of the attack and the DoS impact suggest a moderate to high risk for environments where the device is exposed to untrusted networks.

Generated by OpenCVE AI on June 8, 2026 at 20:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the FH451 firmware to the latest release that includes a patch for the stack overflow.
  • If no firmware update is available, configure network firewalls or ACLs to block or rate‑limit HTTP traffic to the /fromDhcpListClient endpoint, preventing malicious page parameters from reaching the router.
  • Monitor the device for abnormal reboots or crash logs and validate that the device remains operational after applying the firmware update or firewall rule.

Generated by OpenCVE AI on June 8, 2026 at 20:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Title Stack Overflow in Tenda FH451 fromDhcpListClient Causes DoS via Crafted HTTP Requests
Weaknesses CWE-119

Mon, 08 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 07 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda fh451
Vendors & Products Tenda
Tenda fh451

Fri, 05 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title Stack Overflow in Tenda FH451 fromDhcpListClient Causes DoS via Crafted HTTP Requests
Weaknesses CWE-119

Fri, 05 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

Tenda Fh451
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-08T16:54:10.080Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36785

cve-icon Vulnrichment

Updated: 2026-06-08T16:54:02.337Z

cve-icon NVD

Status : Deferred

Published: 2026-06-05T21:16:30.223

Modified: 2026-06-08T17:16:42.283

Link: CVE-2026-36785

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-08T20:45:32Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow