Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
AnalysisAI
Denial of service in Tenda FH451 router firmware V1.0.0.9 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack overflow in the list1 parameter of the fromDhcpListClient function. Publicly available exploit code exists in a GitHub research repository, though the vulnerability is not listed in CISA KEV and no EPSS score has been published at time of analysis. Impact is limited to availability - no confidentiality or integrity loss is indicated.
Technical ContextAI
The Tenda FH451 is a small office/home office (SOHO) wired router, and the affected fromDhcpListClient routine is part of its web management interface, which exposes DHCP client list handling over HTTP. The root cause is CWE-121 (Stack-based Buffer Overflow): the list1 query/POST parameter is copied into a fixed-size stack buffer without adequate bounds checking, so an oversized value corrupts the call stack and crashes the httpd process. This pattern is recurrent across Tenda's MIPS-based residential firmware family, where multiple form-handler functions historically lack length validation on user-controlled HTTP parameters.
RemediationAI
No vendor-released patch identified at time of analysis - Shenzhen Tenda has not published an advisory or fixed firmware build referenced in the provided intelligence, so administrators should monitor https://www.tendacn.com for an updated FH451 firmware image superseding V1.0.0.9. As compensating controls, restrict access to the router's HTTP management interface to a trusted management VLAN or specific admin IPs (most FH-series devices expose this on LAN by default but support ACLs), and ensure remote/WAN-side web administration is disabled - the trade-off is loss of off-LAN management convenience. Where feasible, place the device behind an upstream firewall that blocks unsolicited HTTP/HTTPS to the router's management port, and consider replacement with a supported model if no firmware update materializes, since EOL SOHO routers commonly accumulate similar form-handler overflows.
Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. Rated high sev
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attacke
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication
Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Rated critic
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via
Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan. Rated critical severity (CV
Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. Rated critical se
Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp. Rate
Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /
In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWp
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35118
GHSA-5jh4-mg5m-84h8