CVE-2026-6197
Remote Stack-Based Buffer Overflow in Tenda F456 Wireless Setup
Publication date: 2026-04-13
Last updated on: 2026-04-13
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | f456 | 1.0.0.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability CVE-2026-6197 allows remote attackers to execute arbitrary code or cause denial of service on the Tenda F456 router by exploiting a stack-based buffer overflow. This can lead to unauthorized access or disruption of network services.
Such unauthorized access or service disruption could potentially result in the exposure or loss of sensitive data, which may impact compliance with data protection regulations like GDPR or HIPAA. However, the provided information does not explicitly detail the direct effects on compliance with these standards.
Can you explain this vulnerability to me?
CVE-2026-6197 is a stack-based buffer overflow vulnerability found in the Tenda F456 router version 1.0.0.5. It occurs in the HTTP daemon's function formWrlsafeset when processing the user-supplied parameter "mit_ssid". This parameter is stored in a variable without proper bounds checking before being passed to the sprintf function, which can overflow the stack buffer.
An attacker can exploit this vulnerability remotely by sending a specially crafted HTTP POST request to the endpoint "/goform/AdvSetWrlsafeset" with an excessively long "mit_ssid" parameter, triggering the overflow.
How can this vulnerability impact me? :
Exploiting this vulnerability can allow an attacker to execute arbitrary code on the affected device remotely or cause a denial of service (DoS) by crashing the router.
- Remote code execution could lead to full compromise of the device.
- Denial of service could disrupt network connectivity by crashing the router.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a crafted HTTP POST request to the endpoint "/goform/AdvSetWrlsafeset" with an excessively long "mit_ssid" parameter. If the device is vulnerable, this request may trigger a stack-based buffer overflow.
A detection command example using curl could be:
- curl -X POST http://[target_ip]/goform/AdvSetWrlsafeset -d "mit_ssid=$(python3 -c 'print("A"*1000)')"
This command sends a POST request with a very long "mit_ssid" parameter which may cause the vulnerable router to crash or behave abnormally, indicating the presence of the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Restrict remote access to the router's management interface to trusted networks only.
- Monitor network traffic for suspicious POST requests targeting "/goform/AdvSetWrlsafeset" with unusually long "mit_ssid" parameters.
- If possible, apply any available firmware updates or patches from the vendor addressing this vulnerability.
- As a temporary measure, disable remote management or block access to the vulnerable endpoint via firewall rules.