Description
A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of the argument GO causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.
Published: 2026-04-12
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A stack‑based buffer overflow exists in the WrlclientSet function of the httpd component on Tenda F451 routers. Manipulating the GO argument can corrupt the stack, allowing an attacker to execute arbitrary code. The vulnerability is exploitable from the network, and an exploit has been publicly released.

Affected Systems

The vulnerability affects Tenda F451 routers running firmware version 1.0.0.7. No other products or versions are listed as impacted.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity risk. The exploit is remote and has been published, so attackers could target any exposed device. Since no EPSS or KEV entry is available, the likelihood of widespread exploitation cannot be quantified, but the reachable nature of the vulnerability implies a significant threat.

Generated by OpenCVE AI on April 12, 2026 at 08:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from Tenda for the F451 router
  • If a patch is not yet available, disable the httpd service or block access to the router’s web interface from external networks
  • Monitor the device’s traffic and logs for anomalous activity that may indicate exploitation attempts

Generated by OpenCVE AI on April 12, 2026 at 08:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:h:tenda:f451:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:f451_firmware:1.0.0.7:*:*:*:*:*:*:*

Mon, 13 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Tenda f451
Vendors & Products Tenda f451

Sun, 12 Apr 2026 07:30:00 +0000

Type Values Removed Values Added
Description A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of the argument GO causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.
Title Tenda F451 httpd WrlclientSet stack-based overflow
First Time appeared Tenda
Tenda f451 Firmware
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:o:tenda:f451_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda f451 Firmware
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Tenda F451 F451 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-13T12:13:51.214Z

Reserved: 2026-04-11T16:03:25.689Z

Link: CVE-2026-6121

cve-icon Vulnrichment

Updated: 2026-04-13T12:12:38.061Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-12T08:16:36.467

Modified: 2026-04-29T20:02:13.937

Link: CVE-2026-6121

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:56:11Z

Weaknesses