Description
Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-08
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a stack overflow in the list1 parameter of the fromDhcpListClient function in the Tenda FH451 firmware. The vulnerability allows an attacker to craft an HTTP request that overflows the stack and causes the device to crash, rendering the network interface unavailable. This results in a denial of service to all users attached to the device.

Affected Systems

Shenzhen Tenda Technology Co., Ltd Tenda FH451 firmware 1.0.0.9 is affected. No other versions are listed as impacted. The product is a consumer wireless router.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity. EPSS is not available, and the vulnerability is not listed in CISA KEV. Based on the description it is inferred that the attack vector is remote over the network via unauthenticated HTTP traffic, and the exploitation does not directly affect confidentiality or integrity but can quickly cause service interruption. No public exploits are documented, but the simplicity of the payload suggests that an attacker with basic knowledge of the device’s HTTP interface could trigger it.

Generated by OpenCVE AI on June 8, 2026 at 23:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Tenda FH451 to the latest firmware that includes the stack overflow fix.
  • Disable or restrict HTTP access to the /fromDhcpListClient endpoint so that incoming requests cannot reach vulnerable code.
  • If firmware cannot be updated, configure the device or a surrounding firewall to limit the length of the list1 parameter or block the port used by the HTTP service.
  • Apply input‑validation controls so that the size of list1 is bounded and the stack cannot be overrun.

Generated by OpenCVE AI on June 8, 2026 at 23:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda fh451
Vendors & Products Tenda
Tenda fh451

Mon, 08 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
Title Stack Overflow in Tenda FH451 Firmware Causes DoS

Mon, 08 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Title Stack Overflow in HTTP Parameter Causing DoS
Weaknesses CWE-120

Mon, 08 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 08 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Title Stack Overflow in HTTP Parameter Causing DoS
Weaknesses CWE-120

Mon, 08 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

Tenda Fh451
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-08T18:20:17.941Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36786

cve-icon Vulnrichment

Updated: 2026-06-08T18:20:08.509Z

cve-icon NVD

Status : Deferred

Published: 2026-06-08T16:16:38.680

Modified: 2026-06-09T13:57:49.980

Link: CVE-2026-36786

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T08:57:56Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow