CVE-2026-11557
Received Received - Intake
Stack-Based Buffer Overflow in Tenda F451 Web Management Interface

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: VulDB

Description
A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-08
Last Modified
2026-06-08
Generated
2026-06-09
AI Q&A
2026-06-08
EPSS Evaluated
N/A
NVD
CVE-2026-11557
EUVD
EUVD-2026-35180
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
tenda f451 to 1.0.0.9 (exc)
tenda f451 to 1.0.0.7 (inc)
tenda f451 to 1.0.0.9 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a stack-based buffer overflow found in the web management interface of the Tenda F451 router, specifically in the fromNatlimit function of the /goform/Natlimit endpoint.

It occurs when a maliciously crafted, overly long string is sent as the page parameter. The vulnerability arises because the function uses the sprintf function unsafely, copying user input into a fixed-size stack buffer without proper validation.

This flaw can be exploited remotely by an attacker to cause a denial of service or potentially execute arbitrary code on the device.

Impact Analysis

Exploitation of this vulnerability can lead to serious impacts including denial of service (DoS), where the router becomes unresponsive or crashes.

More critically, it can allow remote code execution (RCE), enabling an attacker to run arbitrary code on the affected device, potentially taking full control of the router.

This could compromise the security and integrity of your network, allowing attackers to intercept, modify, or disrupt network traffic.

Detection Guidance

This vulnerability can be detected by sending a specially crafted HTTP request to the /goform/Natlimit endpoint of the Tenda F451 router's web management interface. The detection involves checking if the device improperly handles an overly long string in the page parameter, which triggers the stack-based buffer overflow.

A practical approach is to use a script or command that sends a large payload to the page parameter and observes the response or behavior of the device.

  • Use curl or similar tools to send a long string in the page parameter, for example: curl -X POST 'http://<router-ip>/goform/Natlimit' -d 'page=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
  • Monitor the device for crashes, reboots, or abnormal behavior after sending the request, which indicates the presence of the vulnerability.

Additionally, a proof-of-concept Python script is available that automates this detection by sending a large payload to the vulnerable parameter.

Mitigation Strategies

Immediate mitigation steps include restricting access to the web management interface of the Tenda F451 router to trusted networks or IP addresses only.

Avoid exposing the router's management interface to the internet or untrusted networks to reduce the risk of remote exploitation.

Monitor the router for unusual behavior such as crashes or reboots that may indicate exploitation attempts.

Check for firmware updates or patches from the vendor that address this vulnerability and apply them as soon as they become available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-11557. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart