Which versions of Tenda are affected by CVE-2026-6121?

Tenda F451 router firmware versions up to 1.0.0.7 contain a stack-based buffer overflow vulnerability (CVSS 8.8) in the wireless configuration service that allows authenticated attackers to gain…

Is there a public PoC exploit available for CVE-2026-6121?

Yes, a public proof-of-concept exploit is available for CVE-2026-6121. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-6121?

Within 24 hours: Inventory all Tenda F451 routers in production and document current firmware versions. Within 7 days: Restrict network access to router administration interfaces using firewall rules and disable remote management if not operationally required; implement network segmentation to isolate affected routers. Within 30 days: Contact Tenda for firmware update availability; if no patch release is announced, evaluate replacement with patched router models or implement persistent compensating controls including authenticated access restrictions and continuous network monitoring.

Tenda CVE-2026-6121

Q: What is the CVSS score of CVE-2026-6121?

CVE-2026-6121 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-21720 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-04-12 VulDB

Tenda Stack Overflow Buffer Overflow

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 29, 2026 - 20:07 vuln.today

cvss_changed

PoC Detected

Apr 29, 2026 - 20:02 vuln.today

Public exploit code

CVSS changed

Apr 12, 2026 - 08:22 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

Apr 12, 2026 - 07:35 vuln.today

EUVD ID Assigned

Apr 12, 2026 - 07:30 euvd

EUVD-2026-21720

Analysis Generated

Apr 12, 2026 - 07:30 vuln.today

CVE Published

Apr 12, 2026 - 07:15 nvd

HIGH 7.4

DescriptionCVE.org

A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of the argument GO causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.

AnalysisAI

Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7 allows authenticated remote attackers to achieve full system compromise via crafted HTTP requests to the wireless client configuration endpoint. The vulnerability (CVSS 8.8) exists in the WrlclientSet function within the httpd service and requires only low-privilege authentication. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Obtain low-privilege credentials

Delivery

Authenticate to web admin interface

Exploit

Send crafted POST to /goform/WrlclientSet

Install

Trigger stack overflow via oversized GO parameter

Overwrite return address with shellcode pointer

Execute

Execute arbitrary code as root

Impact

Install persistent backdoor

Recon

Obtain low-privilege credentials

Delivery

Authenticate to web admin interface

Exploit

Send crafted POST to /goform/WrlclientSet

Install

Trigger stack overflow via oversized GO parameter

Overwrite return address with shellcode pointer

Execute

Execute arbitrary code as root

Impact

Install persistent backdoor

Vulnerability AssessmentAI

Exploitation	Tenda F451 firmware version 1.0.0.7. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	Real-world risk is HIGH for deployed Tenda F451 routers, though targeting requires authentication. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker who has obtained low-privilege credentials (through credential stuffing, default password exploitation, or previous compromise) authenticates to the Tenda F451 web administration interface from the internet or local network. They craft a malicious HTTP POST request to the /goform/WrlclientSet endpoint with an oversized 'GO' parameter designed to overflow the stack buffer in the WrlclientSet function. …
Remediation	Users of Tenda F451 routers running firmware 1.0.0.7 should immediately check for firmware updates through the Tenda support portal at https://www.tenda.com.cn/ and apply any available security patches. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Tenda F451 routers in production and document current firmware versions. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-38065 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the

CVE-2026-38060 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin p

CVE-2026-38061 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volum

CVE-2026-38062 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the rat

CVE-2026-38063 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via

CVE-2026-6121 vulnerability details – vuln.today

Back

Tenda CVE-2026-6121

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code