Skip to main content

Tenda FH451 CVE-2026-36786

| EUVDEUVD-2026-35118 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-06-08 mitre GHSA-5jh4-mg5m-84h8
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jun 08, 2026 - 19:26 vuln.today
CVSS changed
Jun 08, 2026 - 19:22 NVD
7.5 (HIGH)
CVE Published
Jun 08, 2026 - 00:00 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

AnalysisAI

Denial of service in Tenda FH451 router firmware V1.0.0.9 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack overflow in the list1 parameter of the fromDhcpListClient function. Publicly available exploit code exists in a GitHub research repository, though the vulnerability is not listed in CISA KEV and no EPSS score has been published at time of analysis. Impact is limited to availability - no confidentiality or integrity loss is indicated.

Technical ContextAI

The Tenda FH451 is a small office/home office (SOHO) wired router, and the affected fromDhcpListClient routine is part of its web management interface, which exposes DHCP client list handling over HTTP. The root cause is CWE-121 (Stack-based Buffer Overflow): the list1 query/POST parameter is copied into a fixed-size stack buffer without adequate bounds checking, so an oversized value corrupts the call stack and crashes the httpd process. This pattern is recurrent across Tenda's MIPS-based residential firmware family, where multiple form-handler functions historically lack length validation on user-controlled HTTP parameters.

RemediationAI

No vendor-released patch identified at time of analysis - Shenzhen Tenda has not published an advisory or fixed firmware build referenced in the provided intelligence, so administrators should monitor https://www.tendacn.com for an updated FH451 firmware image superseding V1.0.0.9. As compensating controls, restrict access to the router's HTTP management interface to a trusted management VLAN or specific admin IPs (most FH-series devices expose this on LAN by default but support ACLs), and ensure remote/WAN-side web administration is disabled - the trade-off is loss of off-LAN management convenience. Where feasible, place the device behind an upstream firewall that blocks unsolicited HTTP/HTTPS to the router's management port, and consider replacement with a supported model if no firmware update materializes, since EOL SOHO routers commonly accumulate similar form-handler overflows.

More in Tenda

View all
CVE-2022-30023 HIGH POC
8.8 Jun 16

Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. Rated high sev

CVE-2015-5995 CRITICAL POC
9.8 Dec 31

Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attacke

CVE-2014-5246 CRITICAL POC
10.0 Aug 22

The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication

CVE-2025-45042 CRITICAL POC
9.8 May 05

Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Rated critic

CVE-2025-29384 CRITICAL POC
9.8 Mar 14

In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability

CVE-2025-44877 CRITICAL POC
9.8 May 02

Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via

CVE-2025-44872 CRITICAL POC
9.8 May 02

Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via

CVE-2022-32386 CRITICAL POC
9.8 Jul 06

Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan. Rated critical severity (CV

CVE-2025-25632 CRITICAL POC
9.8 Mar 05

Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. Rated critical se

CVE-2023-51972 CRITICAL POC
9.8 Jan 10

Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp. Rate

CVE-2023-51812 CRITICAL POC
9.8 Jan 04

Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /

CVE-2025-45429 CRITICAL POC
9.8 Apr 23

In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWp

Share

CVE-2026-36786 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy