Which versions of Tenda are affected by CVE-2026-5990?

CVE-2026-5990 is a stack-based buffer overflow in Tenda F451 routers (firmware 1.0.0.7) that allows authenticated users to execute arbitrary code or disable the device entirely.

Tenda CVE-2026-5990

Q: What is the CVSS score of CVE-2026-5990?

CVE-2026-5990 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-21242 HIGH

Buffer Overflow (CWE-119)

2026-04-10 cna@vuldb.com

Buffer Overflow Tenda

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 29, 2026 - 20:07 vuln.today

cvss_changed

EUVD ID Assigned

Apr 10, 2026 - 00:22 euvd

EUVD-2026-21242

Analysis Generated

Apr 10, 2026 - 00:22 vuln.today

CVE Published

Apr 10, 2026 - 00:16 nvd

HIGH 7.4

DescriptionNVD

A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7 allows authenticated remote attackers to execute arbitrary code or cause denial of service via crafted 'page' parameter in the fromSafeEmailFilter function at /goform/SafeEmailFilter endpoint. Publicly available exploit code exists. …

RemediationAI

Within 24 hours: Identify all Tenda F451 routers in your environment and document firmware versions via admin interface or device inventory tools. Within 7 days: Contact Tenda support for firmware update availability and interim mitigations; restrict admin access to trusted personnel only and disable remote management if enabled. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-5990 vulnerability details – vuln.today

Back

Tenda CVE-2026-5990

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tenda CVE-2026-5990

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code