Description
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2026-04-09
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

This vulnerability resides in the fromSafeEmailFilter function of the Tenda F451 firmware. By sending a crafted value in the page parameter to the /goform/SafeEmailFilter endpoint, an attacker can overflow a stack buffer and execute arbitrary code. The vulnerability can be triggered remotely, potentially allowing the attacker to gain full control over the device and compromise the confidentiality, integrity, and availability of the network.

Affected Systems

The affected hardware is the Tenda F451 router running firmware version 1.0.0.7. No other versions or firmware builds are listed as impacted.

Risk and Exploitability

The CVSS score of 8.7 indicates a high-severity vulnerability. The EPSS score is not available, and the issue is not in the CISA KEV catalog, but the public disclosure of an exploit elevates the risk level. Because the attack can be initiated over the network by sending a malicious request to the vulnerable endpoint, the likelihood of exploitation is significant for exposed routers that have not applied a patch. The absence of a published mitigation makes the threat more pressing.

Generated by OpenCVE AI on April 10, 2026 at 00:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from Tenda that fixes the SafeEmailFilter buffer overflow.
  • If no update is available, restrict external access to the router’s web administration interface using firewall rules or IP filtering.
  • Disable the SafeEmailFilter feature or block the /goform/SafeEmailFilter endpoint if the router configuration allows.



Advisories

No advisories yet.

History

Fri, 10 Apr 2026 13:15:00 +0000

Values Added (the Values Removed column is empty):

  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 10 Apr 2026 09:00:00 +0000

Values Added (the Values Removed column is empty):

  • First Time appeared: Tenda f451
  • Vendors & Products: Tenda f451

Thu, 09 Apr 2026 23:45:00 +0000

Values Added (the Values Removed column is empty):

  • Description: A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
  • Title: Tenda F451 SafeEmailFilter fromSafeEmailFilter stack-based overflow
  • First Time appeared: Tenda; Tenda f451 Firmware
  • Weaknesses: CWE-119, CWE-121
  • CPEs: cpe:2.3:o:tenda:f451_firmware:*:*:*:*:*:*:*:*
  • Vendors & Products: Tenda; Tenda f451 Firmware
  • References:
  • Metrics:
      cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
      cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
      cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
      cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-10T12:25:23.555Z

Reserved: 2026-04-09T12:36:57.995Z

Link: CVE-2026-5990

Vulnrichment

Updated: 2026-04-10T12:25:19.205Z

NVD

Status: Received

Published: 2026-04-10T00:16:36.363

Modified: 2026-04-10T00:16:36.363

Link: CVE-2026-5990

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:27:24Z

Weaknesses