Plattform
tenda
Komponente
tenda
Behoben in
1.0.1
CVE-2026-5991 describes a stack-based buffer overflow vulnerability affecting the Tenda F451 router. This flaw resides within the function formWrlExtraSet, specifically when handling the GO argument in the /goform/WrlExtraSet file. Successful exploitation, which can be initiated remotely, could lead to a denial of service or potentially arbitrary code execution. The vulnerability impacts Tenda F451 routers running versions 1.0.0 through 1.0.0.7, and a public exploit is available.
A critical vulnerability has been identified in the Tenda F451 router, version 1.0.0.7, designated as CVE-2026-5991. This security flaw resides within the 'formWrlExtraSet' function of the '/goform/WrlExtraSet' file and manifests as a stack-based buffer overflow. Manipulation of the 'GO' argument allows an attacker to exploit this vulnerability. The problem's severity is rated at 8.8 on the CVSS scale, indicating a high risk. The concerning aspect is that the vulnerability is remotely exploitable, and a public exploit is already available, facilitating its exploitation by malicious actors. This could lead to arbitrary code execution on the device, compromising the network it is connected to.
The CVE-2026-5991 vulnerability in the Tenda F451 allows for remote code execution through manipulation of the 'GO' argument in the 'formWrlExtraSet' function. The availability of a public exploit means that attackers can easily replicate the attack without requiring advanced technical expertise. This poses a significant risk, especially for home users and small businesses that rely on this router for their network security. The exploit likely involves sending a malicious request to the router, designed to overwrite the stack memory and execute arbitrary code. The lack of proper input validation for the 'GO' parameter is the root cause of this vulnerability.
Exploit-Status
EPSS
0.05% (15% Perzentil)
CISA SSVC
Currently, there is no official fix provided by Tenda to address this vulnerability. The primary recommendation is to update the router's firmware to the latest available version, although it is unknown whether this version corrects the issue. As a preventative measure, isolating the router from the public network, restricting access from the Internet, is suggested. Implementing a robust firewall and monitoring network traffic for suspicious activity can also help mitigate the risk. We strongly recommend contacting Tenda directly to request a security update and stay informed about any official announcements regarding the correction of this vulnerability. The lack of an official solution demands a proactive approach to network security.
Actualice el firmware del router Tenda F451 a una versión corregida por el fabricante. Consulte el sitio web de soporte de Tenda para obtener más información sobre las actualizaciones de firmware disponibles.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
It's a unique identifier for this security vulnerability.
Yes, if you are running version 1.0.0.7, it is vulnerable and you should take action.
Isolate the router from the internet and consider replacing it with a more secure model.
Currently, there is no official solution available. Contact Tenda for updates.
Monitor network traffic and look for unusual activity. Check the router's logs.
CVSS-Vektor
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.