Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Performing a manipulation of the argument mit_ssid results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
AnalysisAI
Stack-based buffer overflow in Tenda F451 wireless router firmware 1.0.0.7 enables authenticated remote attackers to execute arbitrary code via crafted mit_ssid parameter to formWrlsafeset function in /goform/AdvSetWrlsafeset endpoint. Publicly available exploit code exists. Attack requires low-privilege authenticated access to the router's web management interface, resulting in complete compromise of device confidentiality, integrity, and availability with no impact to other network segments.
Technical ContextAI
Insufficient input validation in formWrlsafeset wireless security configuration handler allows stack memory corruption through oversized mit_ssid parameter. CWE-119 memory buffer error permits direct manipulation of return addresses and execution flow. Affects CPE cpe:2.3:o:tenda:f451_firmware:1.0.0.7:*:*:*:*:*:*:*. CVSS vector PR:L indicates authenticated exploitation requirement; no local attack complexity.
RemediationAI
No vendor-released patch identified at time of analysis. Tenda has not published security advisories addressing CVE-2026-5988 per manufacturer website https://www.tenda.com.cn/. Immediate mitigations: (1) disable remote management access to administrative interface, restrict access to trusted local network segments only; (2) implement network segmentation isolating F451 devices from critical infrastructure; (3) monitor authentication logs for unauthorized access attempts to /goform endpoints; (4) consider device replacement with actively supported hardware if vendor does not release firmware update. Vulnerability details: https://vuldb.com/vuln/356542 and proof-of-concept: https://github.com/Jimi-Lab/cve/issues/4. Contact Tenda technical support for patch availability status.
Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. Rated high sev
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attacke
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication
Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Rated critic
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via
Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan. Rated critical severity (CV
Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. Rated critical se
Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp. Rate
Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /
In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWp
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21238
GHSA-wmj6-9qv3-c38f