CVE-2026-4534 - Vulnerability Details

- Tenda FH451 WrlExtraSet formWrlExtraSet stack-based overflow

Description

A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. This manipulation of the argument GO causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.

Published: 2026-03-22

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A stack-based buffer overflow exists in the formWrlExtraSet function of the Tenda FH451 router, triggered by the GO argument passed to the /goform/WrlExtraSet endpoint. The flaw arises due to insufficient input validation, allowing an attacker to overwrite memory on the device’s stack. While the official description does not explicitly confirm a successful code execution, the presence of a stack overflow and a published exploit strongly imply that an attacker could potentially gain arbitrary code execution or cause a denial of service. This vulnerability can be abused remotely without requiring authentication.

Affected Systems

The issue is limited to the Tenda FH451 model running firmware 1.0.0.9, as specified in the CNA information. No additional affected versions are listed. Users of older or unpatched firmware should verify that they are not vulnerable.

Risk and Exploitability

With a CVSS score of 8.7, the vulnerability is considered high severity. The EPSS score is below 1 %, indicating that large-scale exploitation is currently uncommon, yet the availability of a published exploit means a remote attacker can launch an attack from any external network. Because the flaw is not included in the CISA KEV catalog, it is not officially flagged yet, but the combination of remote access, high severity, and potential for code execution warrants urgent attention.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Tenda

FH451

affected

Version	Status	Constraints
`1.0.0.9`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:tenda:fh451_firmware:1.0.0.9:*:*:*:*:*:*:*

cpe:2.3:h:tenda:fh451:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Tenda

Fh451

100%

Version	Status	Scheme	Platform
`1.0.0.9`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the FH451 router to the latest firmware provided by Tenda that resolves the buffer overflow.
Verify that the device is running the patched firmware by checking the version in the web management interface or the official support portal.
If a firmware update is not yet available, restrict access to the /goform/WrlExtraSet endpoint from external networks or isolate the router behind a firewall to prevent remote exploitation.

Generated by OpenCVE AI on April 3, 2026 at 21:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00079.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/Litengzheng/vul_db/blob/main/FH451/vul_41/README.md
https://vuldb.com/?ctiid.352322
https://vuldb.com/?id.352322
https://vuldb.com/?submit.774342
https://www.tenda.com.cn/

History

Fri, 03 Apr 2026 17:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:h:tenda:fh451:-:::::::* cpe:2.3:o:tenda:fh451_firmware:1.0.0.9:::::::*

Mon, 23 Mar 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 23 Mar 2026 10:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tenda fh451
Vendors & Products		Tenda fh451

Sun, 22 Mar 2026 04:30:00 +0000

Type	Values Removed	Values Added
Description		A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. This manipulation of the argument GO causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
Title		Tenda FH451 WrlExtraSet formWrlExtraSet stack-based overflow
First Time appeared		Tenda Tenda fh451 Firmware
Weaknesses		CWE-119 CWE-121
CPEs		cpe:2.3:o:tenda:fh451_firmware::::::::
Vendors & Products		Tenda Tenda fh451 Firmware
References		https://github.com/Litengzheng/vul_db/blob/main/FH451/vul_41/README.md https://vuldb.com/?ctiid.352322 https://vuldb.com/?id.352322 https://vuldb.com/?submit.774342 https://www.tenda.com.cn/
Metrics		cvssV2_0 `{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Tenda Fh451 Fh451 Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-22T03:32:11.313Z

Updated: 2026-03-23T16:15:14.053Z

Reserved: 2026-03-21T08:05:11.428Z

Link: CVE-2026-4534

Vulnrichment

Updated: 2026-03-23T16:15:08.694Z

NVD

Status : Analyzed

Published: 2026-03-22T05:16:19.273

Modified: 2026-04-03T17:23:27.113

Link: CVE-2026-4534

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-07T08:09:01Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object