CVE-2026-6121
Received - Intake
Remote Stack-Based Buffer Overflow in Tenda F451 httpd Component

Publication date: 2026-04-12

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. Manipulation of the argument GO causes a stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.
Meta Information
Published: 2026-04-12
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2026-04-12
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor | Product | Version / Range
tenda | f451_firmware | 1.0.0.7
CWE ID | Description
CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-6121 is a stack-based buffer overflow vulnerability found in the Tenda F451 router firmware version 1.0.0.7. It affects the WrlclientSet function in the httpd service, specifically the handling of the "GO" parameter in an HTTP POST request to the /goform/WrlclientSet endpoint.

The vulnerability occurs because the "GO" parameter is read into a variable without any length validation and then used in a sprintf call that writes into a fixed-size stack buffer. This can cause the buffer to overflow if the input is too long.

An attacker can exploit this remotely by sending a crafted HTTP POST request with an excessively long "GO" parameter, which can lead to denial of service or remote code execution.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.


How can this vulnerability impact me?

This vulnerability can have serious impacts including denial of service (DoS) and remote code execution (RCE).

  • Denial of Service: An attacker can crash the device or disrupt its normal operation by triggering the buffer overflow.
  • Remote Code Execution: The attacker may execute arbitrary code on the affected device, potentially gaining control over it.

Since the attack can be initiated remotely without user interaction, it poses a high risk to affected devices.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for HTTP POST requests sent to the endpoint "/goform/WrlclientSet" containing an excessively long "GO" parameter.

A practical detection method is to capture and analyze network traffic for such suspicious requests.

  • Use a network packet capture tool like tcpdump or Wireshark to filter HTTP POST requests to "/goform/WrlclientSet".
  • Example tcpdump command to capture relevant traffic: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/WrlclientSet'
  • Inspect captured HTTP POST data for the "GO" parameter length; unusually long values (e.g., 2048 characters) indicate an exploit attempt.
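The tcpdump and grep pipeline above matches only the endpoint path; the length check in the last bullet can be automated over reassembled plaintext HTTP requests. The following is an added example, not code from the advisory or the vendor: the 256-byte threshold, the function names and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

ENDPOINT = "/goform/WrlclientSet"  # endpoint named in the advisory
PARAM = "GO"                       # parameter named in the advisory
MAX_GO_LEN = 256  # assumed alert threshold; the advisory gives no buffer size

def inspect_request(raw: bytes):
    """Return None unless raw is a POST to ENDPOINT; else the decoded GO length."""
    head, _, body = raw.partition(b"\r\n\r\n")
    m = re.match(rb"(\S+) (\S+) HTTP/1\.[01]$", head.split(b"\r\n")[0])
    if not m:
        return None
    method = m.group(1).decode("latin-1").upper()
    path, _, query = m.group(2).decode("latin-1").partition("?")
    if method != "POST" or unquote(path) != ENDPOINT:
        return None
    # latin-1 maps one byte to one character, so len() counts the bytes the
    # handler would copy after URL-decoding, not the size seen on the wire.
    pairs = []
    for qs in (body.decode("latin-1"), query):
        pairs += parse_qsl(qs, keep_blank_values=True, encoding="latin-1")
    go_len = max((len(v) for k, v in pairs if k == PARAM), default=0)
    return {"go_len": go_len, "suspicious": go_len > MAX_GO_LEN}

def build(path: str, body: str) -> bytes:
    """Construct a sample request (test data only, not captured traffic)."""
    return (f"POST {path} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")

# Constructed samples; parameter values are illustrative.
SAMPLES = {
    "benign": build(ENDPOINT, "GO=index.asp"),
    "long": build(ENDPOINT, "GO=" + "A" * 2048),
    "encoded": build(ENDPOINT, "GO=" + "%41" * 300),
    "other_path": build("/index.html", "GO=" + "A" * 2048),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, inspect_request(raw))
```

Tune MAX_GO_LEN against the longest GO value seen in legitimate traffic to the device; the percent-encoded sample shows why the decoded length, not the on-wire length, is the value to compare.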

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the vulnerable endpoint and monitoring for exploit attempts.

Specifically, you should:

  • Block or filter HTTP POST requests to "/goform/WrlclientSet" from untrusted networks using firewall rules.
  • Limit or disable remote access to the device's management interface if possible.
  • Monitor logs and network traffic for suspicious requests with abnormally long "GO" parameters.
  • Apply any available firmware updates from Tenda addressing this vulnerability.
