Which versions of Tenda are affected by CVE-2026-6124?

CVE-2026-6124 is a critical remote code execution vulnerability affecting Tenda F451 routers (firmware 1.0.0.7) that allows authenticated users to completely compromise the device through a stack…

Is there a public PoC exploit available for CVE-2026-6124?

Yes, a public proof-of-concept exploit is available for CVE-2026-6124. Prioritise patching immediately. EPSS: 0.0%.

Tenda CVE-2026-6124

Q: What is the CVSS score of CVE-2026-6124?

CVE-2026-6124 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-21726 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-04-12 VulDB

GHSA-hjj3-4fc4-rhvw

Buffer Overflow Stack Overflow Tenda

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 29, 2026 - 20:07 vuln.today

cvss_changed

PoC Detected

Apr 29, 2026 - 19:54 vuln.today

Public exploit code

CVSS changed

Apr 12, 2026 - 09:22 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

Apr 12, 2026 - 09:21 vuln.today

EUVD ID Assigned

Apr 12, 2026 - 09:15 euvd

EUVD-2026-21726

Analysis Generated

Apr 12, 2026 - 09:15 vuln.today

CVE Published

Apr 12, 2026 - 09:00 nvd

HIGH 7.4

DescriptionNVD

A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation of the argument page/menufacturer can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

AnalysisAI

Stack-based buffer overflow in Tenda F451 router firmware 1.0.0.7 allows authenticated remote attackers to achieve complete system compromise via the SafeMacFilter function. The vulnerability is exploitable over the network with low complexity, requiring only basic user credentials. …

RemediationAI

Within 24 hours: Identify and inventory all Tenda F451 devices running firmware 1.0.0.7 using network scanning tools; immediately revoke or rotate credentials for any administrative accounts with router access. Within 7 days: Isolate affected Tenda F451 devices to segregated network segments with restricted access controls; check Tenda security advisories for firmware updates beyond 1.0.0.7. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-6124 vulnerability details – vuln.today

Back

Tenda CVE-2026-6124

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tenda CVE-2026-6124

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code