CVE-2026-6120
Stack-Based Buffer Overflow in Tenda F451 HTTPD Enables Remote Attack
Publication date: 2026-04-12
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | f451_firmware | 1.0.0.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to serious impacts including denial of service (DoS), where the affected device may crash or become unresponsive.
More critically, it may allow an attacker to execute arbitrary code remotely on the affected Tenda F451 device, potentially taking full control over it.
This could compromise the security and functionality of your network, leading to unauthorized access, data interception, or further attacks within your network environment.
Can you explain this vulnerability to me?
CVE-2026-6120 is a stack-based buffer overflow vulnerability found in the Tenda F451 router firmware version 1.0.0.7. It occurs in the fromDhcpListClient function of the httpd service, specifically when processing the "page" parameter in an HTTP POST request to the /goform/DhcpListClient endpoint.
The vulnerability arises because the "page" parameter is passed directly to the sprintf function without any bounds checking, allowing an attacker to overflow the buffer by sending an excessively long string.
This can be exploited remotely by sending a specially crafted HTTP POST request with a very long "page" parameter, potentially causing a denial of service or enabling arbitrary remote code execution on the device.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious HTTP POST requests sent to the endpoint "/goform/DhcpListClient" that contain an excessively long "page" parameter.
A detection method involves capturing network traffic and inspecting POST requests to this endpoint for unusually large payloads in the "page" parameter, which may indicate an attempt to exploit the stack-based buffer overflow.
For example, using command-line tools like curl or wget, you can simulate or detect such requests.
- Use a network packet capture tool such as tcpdump or Wireshark to filter HTTP POST requests to "/goform/DhcpListClient".
- Example tcpdump command to capture relevant traffic: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/DhcpListClient'
- Use curl to test the endpoint with a long "page" parameter to verify if the system is vulnerable: curl -X POST http://<target-ip>/goform/DhcpListClient -d 'page=$(python3 -c "print('a'*2048)")'
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint "/goform/DhcpListClient" to trusted networks only, such as by using firewall rules or access control lists.
Additionally, monitoring and blocking HTTP POST requests with unusually large "page" parameters can help prevent exploitation.
If possible, update the firmware of the Tenda F451 device to a version that patches this vulnerability, which can be obtained from Tenda's official site.
Until a patch is applied, consider disabling the httpd service or the vulnerable functionality if feasible.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the vulnerability in Tenda F451 1.0.0.7 impacts compliance with common standards and regulations such as GDPR or HIPAA.