A severe vulnerability in Tenda’s FH451 router (firmware version 1.0.0.9) could allow attackers to remotely crash devices or seize control.
Dubbed CVE-2026-4535, this stack-based buffer overflow flaw has already seen public exploit code released, putting countless home and small office networks at risk. Security researchers urge immediate firmware checks and updates amid threats from threat actors.
The issue lurks in the router’s /goform/WrlclientSet function, which handles wireless client settings. By feeding oversized data into the “GO” parameter, attackers trigger a classic stack-based buffer overflow. Think of it like overfilling a glass: data spills into adjacent memory, corrupting the program’s stack and enabling arbitrary code execution.
This stems from CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow). Attackers don’t need physical access; it’s exploitable over the network with low complexity (AV: N/AC:L). Authentication is required (Au:S or PR:L), meaning insiders or those who’ve cracked weak admin creds are prime threats.
With a proof-of-concept (POC) already public on GitHub. No EPSS score yet, but the rapid exploit drop signals great real-world danger.
| CVSS Version | Base Score | Severity | Vector Summary | Exploitability | Impact |
|---|---|---|---|---|---|
| v2.0 | 9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC | N/A | N/A |
| v3.0 | 8.8 | HIGH | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | N/A | N/A |
| v3.1 | 8.8 | HIGH | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| v4.0 | 8.7-7.4 | HIGH | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/… | N/A | N/A |
These metrics highlight full confidentiality, integrity, and availability (C:I:A) against compromise and exploitation.
Tenda FH451 routers on firmware 1.0.0.9 are confirmed vulnerable. This model is popular in budget-conscious markets, such as Asia and emerging economies. Attackers target the web interface remotely, crafting malicious requests to /goform/WrlclientSet?GO=<overflow_payload>.
Real-world risks? Compromised routers could:
- Serve as pivots for lateral movement in networks.
- Steal Wi-Fi creds, session cookies, or traffic.
- Launch DDoS bots or crypto-miners.
“Buffer overflows like this are low-hanging fruit for script kiddies,” says cybersecurity analyst Dr. Lena Voss. “With POC code out, expect mass scans within days.” Tenda’s site (tenda.com.cn) lists no patch yet for firmware 1.0.0.9; users should isolate devices or revert to a factory reset.
Mitigation Steps:
- Update Firmware: Visit tenda.com.cn for patches monitor daily.
- Chanand ge Defaults: Swap admin passwords; disable WPS.
- Network Segmentation: Isolate routers via VLANs or firewalls.
- Scan Tools: Run Nuclei or custom scripts targeting CVE-2026-4535.
- Monitor Logs: Watch for overflow anomalies inÂ
/goform/Â endpoints. - Replace if Needed: Ditch end-of-life gear.
Organizations: Prioritize SBOM scans and IOC feeds. Home users, enable auto-updates and use VPNs.
This Tenda FH451 vulnerability underscores IoT security woes that vendors must bake in, underscoring the need for inbound stocking bounds-checking into their products, vigilance is key. Stay tuned for patch news.
Site: cybersecuritypath.com
| https://www.tenda.com.cn/ |
| https://github.com/Litengzheng/vul_db/blob/main/FH451/vul_42/README.md |
| https://vuldb.com/?id.352323 |
| https://vuldb.com/?ctiid.352323 |
| https://vuldb.com/?submit.774343 |
About the Author
