Volerion logoVolerion
Volerion logoVolerion

Tenda FH451 Stack-Based Buffer Overflow Vulnerability in fromDhcpListClient Function Allowing Denial-of-Service

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Tenda FH451 router, specifically in version 1.0.0.9. The issue arises in the 'fromDhcpListClient' function, which is part of the device's CGI handler. This vulnerability allows attackers to cause a denial-of-service condition by sending a crafted HTTP request that exploits the 'list1' parameter. The overflow occurs because the parameter is not properly validated before being copied into a buffer, leading to a process crash or instability on the device.

Impact

Exploitation of this vulnerability causes a process crash or instability on the device, leading to a denial-of-service condition.

Reproduction

To reproduce this vulnerability, send a crafted HTTP request to the 'fromDhcpListClient' CGI endpoint. Include a long 'list1' parameter, such as 'a' repeated multiple times, and set 'LISTLEN' to 1. This will trigger the stack-based buffer overflow by overwriting the return address on the stack.

Added: Jun 8, 2026, 5:17 PM
Updated: Jun 8, 2026, 5:17 PM

Vulnerability Rating

Custom Algorithm
spread
0.3
impact
3.1
exploitability
9.1
remediation
0.0
relevance
9.6
threat
6.4
urgency
2.9
incentive
8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.