Description
A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
Published: 2026-04-12
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability lies in the fromSafeUrlFilter function located in the /goform/SafeUrlFilter of Tenda F451 firmware 1.0.0.7_cn_svn7958. By manipulating the "page" argument, an attacker can trigger a stack-based buffer overflow. This overflow can allow the execution of arbitrary code and compromise the device. The exploit is remotely reachable and publicly available, indicating that an attacker does not need local access to launch the attack.

Affected Systems

Tenda F451, firmware version 1.0.0.7_cn_svn7958. Network devices using this firmware are vulnerable until patched.

Risk and Exploitability

The CVSS score of 8.7 reflects a high severity issue, and although EPSS data is not available, publicly posted exploit code suggests a real and immediate threat. The vulnerability is not listed in the CISA KEV catalog, but that does not reduce its importance. Attackers can exploit it remotely over the internet, making timely remediation essential.

Generated by OpenCVE AI on April 13, 2026 at 00:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Tenda F451 firmware to a version that resolves the stack-based overflow in fromSafeUrlFilter.
  • If no patch is immediately available, block external access to the /goform/SafeUrlFilter endpoint through firewall rules or network segmentation.
  • Temporarily disable remote management on the device until a fix is applied.

Generated by OpenCVE AI on April 13, 2026 at 00:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:h:tenda:f451:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:f451_firmware:1.0.0.7:*:*:*:*:*:*:*

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Tenda f451
Vendors & Products Tenda f451

Mon, 13 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sun, 12 Apr 2026 23:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
Title Tenda F451 SafeUrlFilter fromSafeUrlFilter stack-based overflow
First Time appeared Tenda
Tenda f451 Firmware
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:o:tenda:f451_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda f451 Firmware
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Tenda F451 F451 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-13T12:05:38.835Z

Reserved: 2026-04-12T07:22:24.890Z

Link: CVE-2026-6133

cve-icon Vulnrichment

Updated: 2026-04-13T12:05:33.019Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-12T23:16:26.117

Modified: 2026-04-30T12:38:16.397

Link: CVE-2026-6133

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:53:55Z

Weaknesses