Primary

Context

Tenda F451 Stack-Based Buffer Overflow Vulnerability in WrlclientSet Function

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Tenda F451 router, specifically in version 1.0.0.7. The issue arises in the WrlclientSet function within the httpd component, where the user-provided parameter 'GO' is processed without proper length validation. This oversight allows for a buffer overflow, which can be exploited remotely, potentially leading to a denial-of-service condition or arbitrary code execution.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can disrupt normal operation or allow for the execution of malicious code.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/WrlclientSet' endpoint with a 'GO' parameter that is excessively long. This can be done using a script or tool that automates the process of sending HTTP requests, such as Python with the Requests library.

Added: Apr 12, 2026, 8:18 AM

Updated: Apr 12, 2026, 8:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.2

remediation

0.0

relevance

5.7

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.2

remediation

0.0

relevance

5.7

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda F451 Stack-Based Buffer Overflow Vulnerability in WrlclientSet Function

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating