CVE-2026-6137
Remote Stack-Based Buffer Overflow in Tenda F451 AdvSetWan
Publication date: 2026-04-13
Last updated on: 2026-04-30
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | f451_firmware | 1.0.0.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-6137 is a stack-based buffer overflow vulnerability found in the Tenda F451 router firmware version 1.0.0.7_cn_svn7958. It occurs in the fromAdvSetWan function, which processes user-supplied parameters such as "wanmode" and "PPPOEPassword." Specifically, when the "wanmode" parameter is set to certain values, the function does not properly validate the length of the input, leading to unchecked buffer handling.
An attacker can exploit this vulnerability remotely by sending a crafted HTTP POST request to the "/goform/AdvSetWan" endpoint with an excessively large "wanmode" parameter. This can cause a stack-based buffer overflow, potentially resulting in denial of service or remote code execution.
How can this vulnerability impact me? :
This vulnerability can have serious impacts including denial of service (DoS) and remote code execution on the affected device. An attacker exploiting this flaw can crash the router or take control of it remotely, which may lead to network disruption, unauthorized access, or further compromise of connected systems.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious HTTP POST requests sent to the "/goform/AdvSetWan" endpoint, specifically those containing an unusually large or malformed "wanmode" parameter.
A practical detection method is to capture and analyze network traffic targeting the affected device, looking for POST requests with excessively long "wanmode" values, such as payloads with thousands of characters.
For example, using curl to test the vulnerability on a device might look like this:
- curl -X POST http://[device_ip]/goform/AdvSetWan -d "wanmode=$(python3 -c 'print("a"*2048)')&PPPOEPassword=test"
Alternatively, network administrators can use packet capture tools like tcpdump or Wireshark to filter HTTP POST requests to "/goform/AdvSetWan" and inspect the "wanmode" parameter length.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable device's management interface to trusted networks or IP addresses to prevent remote exploitation.
Disabling remote management or HTTP access to the "/goform/AdvSetWan" endpoint, if possible, can reduce the attack surface.
Applying any available firmware updates or patches from the vendor that address this vulnerability is strongly recommended.
In the absence of patches, monitoring and blocking suspicious HTTP POST requests with unusually large "wanmode" parameters using network security devices or web application firewalls can help mitigate exploitation attempts.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the vulnerability in Tenda F451 affects compliance with common standards and regulations such as GDPR or HIPAA.