{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6122", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-11T16:03:31.199Z", "datePublished": "2026-04-12T07:30:14.700Z", "dateUpdated": "2026-04-12T07:30:14.700Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-12T07:30:14.700Z"}, "title": "Tenda F451 httpd L7Prot frmL7ProtForm stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Tenda", "product": "F451", "versions": [{"version": "1.0.0.7", "status": "affected"}], "cpes": ["cpe:2.3:o:tenda:f451_firmware:*:*:*:*:*:*:*:*"], "modules": ["httpd"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-11T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-11T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-11T18:08:44.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Jxm666 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/356985", "name": "VDB-356985 | Tenda F451 httpd L7Prot frmL7ProtForm stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/356985/cti", "name": "VDB-356985 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/792872", "name": "Submit #792872 | Tenda F451_kfw_V1.0.0.7_cn_svn7958 V1.0.0.7 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Jimi-Lab/cve/issues/14", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."}], "id": "CVE-2026-6122", "lastModified": "2026-04-13T15:01:43.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-12T08:16:37.700", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/Jimi-Lab/cve/issues/14"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/792872"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/356985"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/356985/cti"}, {"source": "cna@vuldb.com", "url": "https://www.tenda.com.cn/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.0.7"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "F451", "source": "cna", "vendor": "Tenda"}, "product": "f451", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-04-12T09:50:29.676430+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2019s latest firmware update for the Tenda F451.", "If an update is not yet available, restrict or disable the httpd interface, limiting access to trusted IPs only.", "Continuously monitor device logs and network traffic for signs of exploitation attempts.", "Consider replacing the router with a newer model or a vendor that has addressed the vulnerability."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The only documented vulnerable system is the Tenda F451 router running firmware version 1.0.0.7. No other product or version identifiers are listed as affected.", "description_and_impact": "A stack\u2011based buffer overflow exists in the frmL7ProtForm function of the Tenda F451 firmware\u2019s httpd component. By manipulating the page argument sent to /goform/L7Prot, an attacker can corrupt the stack and gain arbitrary code execution. The vulnerability is a classic buffer overflow (CWE\u2011119) with stack corruption (CWE\u2011121).", "risk_and_exploitability": "The base severity score is 8.7, indicating a high\u2011impact flaw. The exploit is publicly disclosed and can be launched remotely through the web interface that hosts the vulnerable httpd component. While exploit probability data is unavailable and the flaw is not in the KEV catalog, the remote nature and high severity make it a significant risk for administrators who expose the device to untrusted networks."}}}}, "created": "2026-04-13T12:41:30.455474+00:00", "updated": "2026-04-13T12:56:09.917176+00:00", "vendors": ["tenda", "tenda$PRODUCT$f451"]}