CVE-2026-4534
Remote Stack-Based Buffer Overflow in Tenda FH451 /goform/WrlExtraSet
Publication date: 2026-03-22
Last updated on: 2026-04-03
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | fh451_firmware | 1.0.0.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-4534 is a stack-based buffer overflow vulnerability found in the Tenda FH451 router firmware version 1.0.0.9. It occurs in the function formWrlExtraSet within the HTTP daemon component, specifically when processing a user-supplied parameter named "GO". This parameter is passed without any length validation to a subroutine that uses sprintf to write into a fixed-size stack buffer, leading to a potential overflow.'}, {'type': 'paragraph', 'content': 'An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the /goform/WrlExtraSet endpoint with an excessively long "GO" parameter. This can cause the buffer overflow, potentially allowing the attacker to cause a denial of service (DoS) or execute arbitrary code remotely on the device.'}] [1]
How can this vulnerability impact me? :
This vulnerability can have serious impacts including denial of service (DoS) and remote code execution (RCE) on the affected Tenda FH451 router. An attacker exploiting this flaw can remotely crash the device or take control of it, potentially compromising the network security and availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for suspicious HTTP POST requests sent to the endpoint /goform/WrlExtraSet containing an excessively long "GO" parameter.'}, {'type': 'paragraph', 'content': 'A practical detection method is to capture and analyze network traffic for such requests.'}, {'type': 'list_item', 'content': 'Use a network packet capture tool like tcpdump or Wireshark to filter HTTP POST requests to /goform/WrlExtraSet.'}, {'type': 'list_item', 'content': "Example tcpdump command to capture relevant traffic: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/WrlExtraSet'"}, {'type': 'list_item', 'content': 'Inspect captured POST requests for the "GO" parameter with unusually large payloads (thousands of characters).'}, {'type': 'paragraph', 'content': 'Alternatively, a simple curl command can be used to test the vulnerability by sending a crafted POST request with a large "GO" parameter to see if the device responds abnormally or crashes.'}, {'type': 'list_item', 'content': 'Example curl command: curl -X POST http://<target-ip>/goform/WrlExtraSet -d \'GO=$(python3 -c "print(\'A\'*10000)")\''}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': "Immediate mitigation steps include restricting access to the vulnerable device's web interface to trusted networks only."}, {'type': 'paragraph', 'content': 'Disabling remote management or web interface access from untrusted networks can reduce exposure.'}, {'type': 'paragraph', 'content': 'Monitor the device for unusual behavior or crashes that may indicate exploitation attempts.'}, {'type': 'paragraph', 'content': 'If possible, apply firmware updates or patches provided by the vendor to fix the vulnerability.'}, {'type': 'paragraph', 'content': 'Until a patch is available, consider using network-level protections such as firewalls or intrusion prevention systems to block malicious POST requests targeting /goform/WrlExtraSet.'}] [1]