CVE-2026-5991
Received Received - Intake
Remote Stack-Based Buffer Overflow in Tenda F451 /goform/WrlExtraSet

Publication date: 2026-04-10

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-10
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5991
EUVD
EUVD-2026-21244
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tenda f451_firmware 1.0.0.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-5991 is a stack-based buffer overflow vulnerability found in the Tenda F451 router firmware version 1.0.0.7. It occurs in the function formWrlExtraSet, specifically when processing the user-supplied parameter "GO". The parameter is passed without any length validation to a function that uses sprintf to write into a fixed-size stack buffer. Because there is no boundary check, an attacker can send an excessively long "GO" parameter in an HTTP POST request to the /goform/WrlExtraSet endpoint, causing a buffer overflow.

This overflow can lead to denial of service or potentially allow remote code execution by exploiting the overflow to overwrite the stack.

Impact Analysis

This vulnerability can impact you by allowing a remote attacker to cause a denial of service on the affected device, making the router unresponsive or unstable.

More severely, the attacker could exploit the buffer overflow to execute arbitrary code remotely, potentially gaining control over the device, intercepting network traffic, or launching further attacks within your network.

Detection Guidance

This vulnerability can be detected by monitoring for HTTP POST requests sent to the endpoint "/goform/WrlExtraSet" that contain an excessively long "GO" parameter.

A practical detection method is to capture network traffic and look for POST requests with unusually large payloads in the "GO" parameter.

  • Use a network packet capture tool like tcpdump or Wireshark to filter HTTP POST requests to "/goform/WrlExtraSet".
  • Example tcpdump command to capture relevant traffic: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -A 10 'POST /goform/WrlExtraSet'
  • Inspect captured HTTP POST requests for the "GO" parameter length; a length of 2048 bytes or more is suspicious and may indicate an exploit attempt.
Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable endpoint and limiting the size of input parameters.

  • Block or filter incoming HTTP POST requests to "/goform/WrlExtraSet" from untrusted networks using firewall rules.
  • Implement input validation or length checks on the "GO" parameter if possible, to prevent excessively long inputs.
  • Update the firmware of the Tenda F451 device to a version that patches this vulnerability once available.
  • Monitor network traffic for exploit attempts and respond accordingly.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5991. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart