Description
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Manipulation of the argument page leads to a stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Published: 2026-04-12
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A stack‑based buffer overflow exists in the frmL7ProtForm function of the Tenda F451 firmware’s httpd component. By manipulating the page argument sent to /goform/L7Prot, an attacker can corrupt the stack and gain arbitrary code execution. The weakness is classified as improper restriction of operations within the bounds of a memory buffer (CWE‑119), specifically a stack‑based buffer overflow (CWE‑121).

Affected Systems

The only documented vulnerable system is the Tenda F451 router running firmware version 1.0.0.7. No other product or version identifiers are listed as affected.

Risk and Exploitability

The base severity score is 8.7, indicating a high‑impact flaw. The exploit is publicly disclosed and can be launched remotely through the web interface that hosts the vulnerable httpd component. While exploit probability data is unavailable and the flaw is not in the KEV catalog, the remote nature and high severity make it a significant risk for administrators who expose the device to untrusted networks.

Generated by OpenCVE AI on April 12, 2026 at 09:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s latest firmware update for the Tenda F451.
  • If an update is not yet available, restrict or disable the httpd interface, limiting access to trusted IPs only.
  • Continuously monitor device logs and network traffic for signs of exploitation attempts.
  • Consider replacing the router with a newer model or a vendor that has addressed the vulnerability.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:h:tenda:f451:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:f451_firmware:1.0.0.7:*:*:*:*:*:*:*

Tue, 14 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Tenda f451
Vendors & Products Tenda f451

Sun, 12 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Title Tenda F451 httpd L7Prot frmL7ProtForm stack-based overflow
First Time appeared Tenda
Tenda f451 Firmware
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:o:tenda:f451_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda f451 Firmware
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-14T19:37:43.798Z

Reserved: 2026-04-11T16:03:31.199Z

Link: CVE-2026-6122

Vulnrichment

Updated: 2026-04-14T19:35:54.937Z

NVD

Status: Analyzed

Published: 2026-04-12T08:16:37.700

Modified: 2026-04-29T20:01:34.163

Link: CVE-2026-6122

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T12:56:09Z

Weaknesses