EUVD-2026-21718
GHSA-frh5-x99h-w9g9
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2Description
A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.
Analysis
Stack-based buffer overflow in Tenda F451 router version 1.0.0.7 allows authenticated remote attackers to achieve complete system compromise through the DHCP client list function. The vulnerability exists in the httpd service's /goform/DhcpListClient endpoint via the 'page' parameter. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all Tenda F451 v1.0.0.7 devices in inventory and restrict network access to the httpd service (port 80/443) to trusted administrative IP ranges only. Within 7 days: Disable or restrict access to the /goform/DhcpListClient endpoint through firewall rules or WAF policies if possible; audit administrative account credentials for evidence of compromise. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today