CVE-2026-6136
Remote Stack-Based Buffer Overflow in Tenda F451 /goform/L7Im
Publication date: 2026-04-13
Last updated on: 2026-04-30
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | f451_firmware | 1.0.0.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability in Tenda F451 1.0.0.7_cn_svn7958 related to the frmL7ImForm function, immediate steps include restricting remote access to the affected endpoint /goform/L7Im to prevent exploitation.
Additionally, monitoring network traffic for unusual POST requests containing large payloads to the "page" parameter can help detect exploitation attempts.
Applying any available firmware updates or patches from the vendor that address this buffer overflow vulnerability is strongly recommended once they become available.
If patching is not immediately possible, consider disabling or limiting the HTTP service that processes the vulnerable function or isolating the device from untrusted networks.
Can you explain this vulnerability to me?
CVE-2026-6136 is a security vulnerability found in the Tenda F451 firmware version 1.0.0.7. It exists in the function frmL7ImForm, specifically in the handling of the "page" parameter within the /goform/L7Im endpoint. The vulnerability occurs because the user-supplied input is passed to the sprintf function without any bounds checking, leading to a stack-based buffer overflow.
This means that an attacker can send a specially crafted request with a very large "page" parameter, causing the device to overwrite parts of its memory. This can result in denial of service or potentially allow the attacker to execute arbitrary code remotely.
How can this vulnerability impact me? :
Exploiting this vulnerability can have serious impacts including causing the device to crash or become unresponsive (denial of service). More critically, it may allow an attacker to execute arbitrary code remotely on the affected device.
This could lead to unauthorized control over the device, potentially compromising the network it is connected to, intercepting or manipulating data, or using the device as a foothold for further attacks.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a specially crafted POST request to the endpoint /goform/L7Im with the "page" parameter containing a large payload (e.g., 2048 bytes of the character 'a'). If the device is vulnerable, this may trigger a stack-based buffer overflow.
A detection command example using curl would be:
- curl -X POST http://<target-ip>/goform/L7Im -d "page=$(python3 -c 'print("a"*2048)')"
Monitoring for unusual crashes or denial of service behavior on the device after sending such requests can also indicate the presence of the vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the vulnerability CVE-2026-6136 impacts compliance with common standards and regulations such as GDPR or HIPAA.