Description
A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Performing a manipulation of the argument mit_ssid results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
Published: 2026-04-09
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A stack‑based buffer overflow exists in the formWrlsafeset function of Tenda F451 firmware version 1.0.0.7. Manipulating the mit_ssid argument when the /goform/AdvSetWrlsafeset web form is invoked causes an overflow on the stack. The flaw is publicly available and can be triggered remotely, potentially enabling arbitrary code execution or a denial of service.

Affected Systems

The vulnerability affects Tenda F451 routers running firmware 1.0.0.7. No other product or version information is provided in the advisory.

Risk and Exploitability

The CVSS score of 8.7 reflects a high severity level. EPSS information is not available and the CVE is not listed in the CISA KEV catalog. The remote nature of the attack vector suggests attackers can target the device over the network without local access, and exploitation requires only a crafted request to the vulnerable web interface.

Generated by OpenCVE AI on April 10, 2026 at 00:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Tenda website or support channels for an official firmware update that resolves the stack overflow. Apply the latest firmware promptly.
  • If a patch is not available, block or restrict external access to the router’s web management interface, especially the /goform/AdvSetWrlsafeset endpoint, to prevent remote exploitation.
  • Monitor network traffic for requests targeting the vulnerable endpoint and look for anomalous activity indicative of exploitation attempts.

Generated by OpenCVE AI on April 10, 2026 at 00:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:h:tenda:f451:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:f451_firmware:1.0.0.7:*:*:*:*:*:*:*

Tue, 14 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Tenda f451
Vendors & Products Tenda f451

Thu, 09 Apr 2026 23:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Performing a manipulation of the argument mit_ssid results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
Title Tenda F451 AdvSetWrlsafeset formWrlsafeset stack-based overflow
First Time appeared Tenda
Tenda f451 Firmware
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:o:tenda:f451_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda f451 Firmware
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Tenda F451 F451 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-14T16:33:50.818Z

Reserved: 2026-04-09T12:36:46.548Z

Link: CVE-2026-5988

cve-icon Vulnrichment

Updated: 2026-04-14T15:16:51.926Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-09T23:17:02.343

Modified: 2026-04-29T20:04:42.900

Link: CVE-2026-5988

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T09:27:30Z

Weaknesses