Platform
tenda
Component
tenda
Fixed in
1.0.1
CVE-2026-5992 describes a stack-based buffer overflow vulnerability found in the Tenda F451 router. This flaw allows for remote exploitation through manipulation of the 'page' argument within the /goform/P2pListFilter function, potentially leading to denial of service or code execution. The vulnerability affects versions 1.0.0 through 1.0.0.7 of the router firmware. As of the publication date, no official patch has been released to address this issue.
A critical vulnerability has been identified in the Tenda F451 router, version 1.0.0.7, designated as CVE-2026-5992. This security flaw resides within the fromP2pListFilter function of the /goform/P2pListFilter file and manifests as a stack-based buffer overflow. A remote attacker can exploit this vulnerability to execute malicious code on the device, potentially compromising the network it is connected to. The vulnerability's severity is rated at a CVSS score of 8.8, indicating a high risk. The public disclosure of the exploit significantly increases the likelihood of exploitation, demanding immediate action to mitigate the risk. The absence of an official fix from Tenda exacerbates the situation, necessitating alternative solutions.
The exploit for CVE-2026-5992 has been publicly disclosed, meaning attackers can readily access the information needed to exploit the vulnerability. The fromP2pListFilter function is vulnerable to manipulation of the page argument, leading to the buffer overflow. An attacker can send a specially crafted request to the router that exploits this weakness, potentially allowing them to execute arbitrary code. The remote nature of the exploitation means an attacker does not need physical access to the device. The public disclosure of the exploit, combined with the lack of a patch, creates a significant window of opportunity for attackers.
Exploit Status
EPSS
0.05% (15% percentile)
CISA SSVC
Given that Tenda has not provided a firmware update to address CVE-2026-5992, mitigation options are limited and require caution. We strongly recommend network segmentation, isolating the Tenda F451 router from critical resources. Implementing strict firewall rules to restrict access to the router from the external network can help reduce the attack surface. Monitoring network traffic for suspicious activity is crucial. Considering replacing the Tenda F451 router with a more secure model with security update support is the most effective long-term solution. The lack of an official fix implies that any mitigation is temporary and may not be fully effective.
Actualice el firmware de su dispositivo Tenda F451 a la última versión disponible proporcionada por el fabricante para mitigar el riesgo de desbordamiento de búfer en la pila. Consulte el sitio web oficial de Tenda o la documentación del producto para obtener instrucciones de actualización.
Vulnerability analysis and critical alerts directly to your inbox.
It's a unique identifier for a specific security vulnerability in the Tenda F451 router.
It's a type of vulnerability that occurs when a program attempts to write data beyond the boundaries of a memory buffer, potentially causing a system crash or allowing malicious code execution.
It means attackers can easily access the information needed to exploit the vulnerability, increasing the risk of attacks.
Implement the recommended mitigation measures (network segmentation, firewall, monitoring) and consider replacing the router.
Currently, no update is available. Stay informed about potential future updates.
CVSS Vector
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.