Platform
tenda
Component
tenda
Fixed version
1.0.1
A critical buffer overflow vulnerability (CVE-2026-6133) has been discovered in the Tenda F451 SafeUrlFilter, specifically affecting versions between 1.0.0 and 1.0.0.7cnsvn7958. This flaw resides within the /goform/SafeUrlFilter function and allows remote attackers to trigger a stack-based buffer overflow by manipulating the 'page' argument. A public exploit is already available, increasing the risk of immediate exploitation.
The vulnerability allows a remote attacker to execute arbitrary code on the affected Tenda F451 router. By crafting a malicious request targeting the /goform/SafeUrlFilter endpoint, an attacker can overwrite memory on the stack, potentially gaining control of the device. Successful exploitation could lead to complete system compromise, including data theft, configuration modification, and the use of the router as a pivot point for further attacks within the network. The availability of a public exploit significantly elevates the risk, making it a high-priority concern.
CVE-2026-6133 is publicly known and a proof-of-concept exploit is available, indicating a high probability of exploitation. The vulnerability was disclosed on 2026-04-12. It is not currently listed on CISA KEV, but its public availability warrants close monitoring. Given the ease of exploitation, organizations using the affected Tenda F451 models should prioritize remediation.
Small and medium-sized businesses (SMBs) and home users who rely on Tenda F451 routers for their network connectivity are at significant risk. Shared hosting environments where multiple users share a single router are particularly vulnerable, as a compromise of one router could potentially impact all users.
• linux / server:
journalctl -u tenda_safeurlfilter -f | grep -i overflow
• generic web:
curl -I "<router_ip>/goform/SafeUrlFilter?page=<malicious_input>"
Inspect the response headers and body for any errors or unusual behavior.
• linux / server:
lsof -i :80 | grep tenda
Check for unusual processes listening on port 80 associated with the Tenda router.
Exploit status
EPSS
0.05% (15th percentile)
The primary mitigation is to upgrade the Tenda F451 firmware to a patched version. Unfortunately, a fixed version is not yet specified in the CVE details. As a temporary workaround, consider implementing strict input validation on the 'page' parameter within the /goform/SafeUrlFilter endpoint, if possible. Network segmentation can limit the potential blast radius of a successful exploit. Monitor router logs for unusual activity or attempts to access the /goform/SafeUrlFilter endpoint. A WAF configured to detect buffer overflow attempts targeting this endpoint could also provide some protection.
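The log monitoring suggested above can be scripted. The following is an added example, not code from Tenda or from the CVE record. It assumes a reverse proxy or WAF in front of the router's web interface writes combined-format access logs; the 32-character threshold, the `scan` function and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/goform/SafeUrlFilter"  # path named in the advisory
MAX_PAGE_LEN = 32                   # assumed threshold; tune to the values your devices really send

# Combined log format: src ident user [timestamp] "METHOD target PROTO" ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

def scan(lines, max_len=MAX_PAGE_LEN):
    """Report every request to ENDPOINT; 'oversized' marks a long 'page' value."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        url = urlsplit(m["target"])
        if url.path != ENDPOINT:
            continue
        # A repeated parameter is judged by its longest value. A POST body is
        # not visible in access logs, so such requests report page_len 0.
        values = parse_qs(url.query, keep_blank_values=True).get("page", [])
        longest = max((len(v) for v in values), default=0)
        findings.append({
            "src": m["src"], "ts": m["ts"], "method": m["method"],
            "page_len": longest, "oversized": longest > max_len,
        })
    return findings

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [12/Apr/2026:10:00:01 +0000] "GET /goform/SafeUrlFilter?page=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Apr/2026:10:00:05 +0000] "GET /goform/SafeUrlFilter?page='
    + "A" * 600 + ' HTTP/1.1" 500 0',
    '192.0.2.10 - - [12/Apr/2026:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print("ALERT" if f["oversized"] else "info ", f)
```

Any hit on this endpoint from outside the management network is worth reviewing, whether or not it is flagged as oversized.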
Update the firmware of your Tenda F451 device to a fixed version to mitigate the risk of buffer overflow. Consult Tenda's official website or support channels for the latest firmware version.
CVE-2026-6133 is a HIGH severity buffer overflow vulnerability in the Tenda F451 SafeUrlFilter, allowing remote attackers to potentially gain control of the router.
You are affected if you are using a Tenda F451 router running versions 1.0.0–1.0.0.7cnsvn7958.
Upgrade to a patched firmware version. As of this writing, a fixed version is not yet available; monitor Tenda's website for updates.
Yes, a public proof-of-concept exploit is available, indicating a high probability of active exploitation.
Check the Tenda support website for advisories related to CVE-2026-6133: https://www.tenda.com/support