Description
A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2pListFilter. Manipulation of the argument page causes a stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
Published: 2026-04-10
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch
AI Analysis

Impact

A stack‑based buffer overflow exists in the fromP2pListFilter function of the /goform/P2pListFilter endpoint. Manipulation of the page argument triggers the overflow, and the vulnerability can be exploited remotely from an external host. Successful exploitation would allow an attacker to execute arbitrary code on the device, compromising confidentiality, integrity, and availability of the router and potentially of the network it serves.

Affected Systems

The flaw affects Tenda F451 devices running firmware version 1.0.0.7. No other firmware versions or models are listed as affected.

Risk and Exploitability

The CVSS score of 8.7 classifies this as a high severity issue. The EPSS score is unavailable, and the vulnerability is not currently listed in the CISA KEV catalog, suggesting no known large‑scale attacks yet. However, the exploit has been publicly disclosed and is likely accessible to attackers who can reach the device’s web interface, especially if it is exposed to the internet or an untrusted local network. The attack vector is inferred to be remote, via HTTP requests to the router’s management interface.

Generated by OpenCVE AI on April 10, 2026 at 01:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest firmware update for the Tenda F451 from the vendor’s official website.
  • If a patch is unavailable, disable remote management or limit access to the device by placing it behind a firewall and restricting the local network to trusted devices.
  • Regularly change default administrator credentials and enforce strong passwords.
  • Monitor router logs for unusual activity that may indicate exploitation attempts.
  • Consider resetting the device to factory defaults and re‑configuring it only after applying the latest firmware.

Advisories

No advisories yet.

History

Fri, 10 Apr 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Fri, 10 Apr 2026 09:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Tenda f451 |
| Vendors & Products | | Tenda f451 |

Fri, 10 Apr 2026 00:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2pListFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. |
| Title | | Tenda F451 P2pListFilter fromP2pListFilter stack-based overflow |
| First Time appeared | | Tenda; Tenda f451 Firmware |
| Weaknesses | | CWE-119; CWE-121 |
| CPEs | | cpe:2.3:o:tenda:f451_firmware:*:*:*:*:*:*:*:* |
| Vendors & Products | | Tenda; Tenda f451 Firmware |
| References | | |
| Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'} |
| | | cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'} |
| | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'} |
| | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-10T13:48:20.916Z

Reserved: 2026-04-09T12:37:23.110Z

Link: CVE-2026-5992

Vulnrichment

Updated: 2026-04-10T13:48:17.675Z

NVD

Status: Received

Published: 2026-04-10T00:16:36.750

Modified: 2026-04-10T00:16:36.750

Link: CVE-2026-5992

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:27:21Z

Weaknesses