Stack-Based Overflows in Tenda FH451 and FH1201 Routers Expose Remote Attack Path
Two high-severity vulnerabilities have been disclosed in Tenda router firmware, affecting FH451 1.0.0.9 and FH1201 1.2.0.14(408). The flaws, tracked as CVE-2026-4535 and CVE-2026-5045, are stack-based buffer overflows in the WrlclientSet function exposed through the /goform/WrlclientSet endpoint. In both cases, an attacker can trigger the issue by manipulating the GO argument, creating a remotely reachable attack path against the devices' web management interface.
Both CVEs are classified under CWE-119 and CWE-121, and published scoring indicates high impact to confidentiality, integrity, and availability, with some vectors rating the flaws at critical severity. Public exploit information is already available for both issues, raising the risk of real-world exploitation against unpatched internet-exposed routers and embedded deployments using the affected firmware.
Timeline
Mar 29, 2026
CVE-2026-5045 recorded for Tenda FH1201 buffer overflow
A CVE entry was recorded for a stack-based buffer overflow in the WrlclientSet function of Tenda FH1201 firmware 1.2.0.14(408) in the /goform/WrlclientSet endpoint. The vulnerability is remotely exploitable through the GO argument, and the entry states that public exploit information is available.
Mar 22, 2026
CVE-2026-4535 recorded for Tenda FH451 buffer overflow
A CVE entry was published for a stack-based buffer overflow in the WrlclientSet function of Tenda FH451 version 1.0.0.9 at the /goform/WrlclientSet endpoint. The flaw is remotely exploitable via manipulation of the GO argument, and public exploit information was noted as available.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Vulnerabilities
Sources
Related Stories
Publicly Exploitable Buffer Overflows Disclosed in Tenda FH451 and F453 Routers
Two high-severity vulnerabilities have been disclosed in Tenda router firmware, affecting **FH451 1.0.0.9** and **F453 1.0.0.3**. The flaws are tracked as `CVE-2026-4534` and `CVE-2026-4552` and both involve remotely reachable stack-based buffer overflows in web management handlers. In the FH451 case, the issue is in the `formWrlExtraSet` function exposed through the `/goform/WrlExtraSet` component, where manipulation of the `GO` argument can trigger memory corruption. In the F453 case, the vulnerable code is the `fromVirtualSer` function behind the `/goform/VirtualSer` endpoint, where the `page` argument can be abused to cause a similar overflow. Both CVE records indicate that **public exploits are available**, increasing the likelihood of opportunistic attacks against exposed devices. The disclosures map the weaknesses to `CWE-119` and `CWE-121`, reflecting out-of-bounds memory handling and stack-based buffer overflow conditions, and the published scoring points to high impact on confidentiality, integrity, and availability. Organizations using these Tenda models should treat the flaws as urgent remote compromise risks, especially where router administration interfaces are internet-accessible.
1 months ago
Publicly Disclosed Stack Overflow Flaws Expose Tenda F451 Routers to Remote Attack
Two high-severity vulnerabilities, **CVE-2026-6122** and **CVE-2026-6136**, were disclosed for **Tenda F451** routers, both affecting firmware `1.0.0.7` and enabling **remote stack-based buffer overflow** attacks through the device's `httpd` web interface. The flaws reside in the `/goform/L7Prot` and `/goform/L7Im` endpoints, specifically in the `frmL7ProtForm` and `frmL7ImForm` functions, where improper handling of the `page` argument can corrupt stack memory. Both CVEs are mapped to **CWE-119** and **CWE-121**, and the disclosures indicate that **public exploit details are already available**, raising the risk of near-term exploitation against exposed devices. One advisory notes the issue requires only **low privileges** for exploitation, and both entries describe the attack path as remote, making internet-accessible or poorly segmented Tenda F451 deployments a likely target for abuse.
2 weeks ago
Publicly Exploitable Stack Overflows Disclosed in Tenda F453 and F451 Routers
Two high-severity vulnerabilities have been disclosed in Tenda routers, both enabling remote stack-based buffer overflows through exposed `/goform/` endpoints. **CVE-2026-4551** affects the Tenda **F453** running version `1.0.0.3`, where the `fromSafeClientFilter` function in the `/goform/SafeClientFilter` handler can be exploited by manipulating the `menufacturer/Go` argument. **CVE-2026-5990** affects the Tenda **F451** running version `1.0.0.7`, where the `fromSafeEmailFilter` function in the `/goform/SafeEmailFilter` component can be triggered via the `page` argument. Both flaws are classified under **CWE-119** and **CWE-121** and are described as remotely exploitable with **public exploit information available**, raising the risk of active abuse against exposed devices. The CVE records assign high impact across **confidentiality, integrity, and availability** in published CVSS scoring, indicating that successful exploitation could give attackers a powerful path to compromise vulnerable edge networking equipment.
2 weeks ago