Tenda F451 Buffer Overflow Vulnerability in the HTTP Daemon
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Tenda F451 router, specifically in version 1.0.0.7. The issue arises in the HTTP daemon within the 'fromAddressNat' function, where user-supplied data in the 'entrys' parameter is processed without proper length validation. This oversight allows for remote exploitation, potentially leading to unauthorized code execution or a denial-of-service condition.
Impact
Exploitation of this vulnerability allows for remote code execution or a denial-of-service condition on the affected device.
Reproduction
The vulnerability can be reproduced by sending a POST request to the '/goform/addressNat' endpoint with a payload that includes a crafted 'entrys' parameter. The payload should be designed to exceed the buffer's capacity, causing a stack-based overflow. This can be done using a simple script that automates the process of sending the malicious payload.
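A defensive check for the request described above, as an added example that is not part of the advisory and not taken from Tenda's firmware: a filter, suitable for a reverse proxy or log review, that flags requests to '/goform/addressNat' whose 'entrys' value is too long once URL-decoded. The function names and the 256-byte limit are assumptions; the advisory does not state the size of the stack buffer.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

TARGET_PATH = "/goform/addressNat"  # endpoint named in the advisory
TARGET_PARAM = "entrys"             # parameter named in the advisory
MAX_ENTRYS_LEN = 256                # ASSUMPTION: filter policy, not the firmware's buffer size


def _decoded_lengths(encoded, name):
    """Byte length of each value of `name` after URL-decoding."""
    # latin-1 maps every byte to exactly one character, so len() counts the
    # bytes the handler would receive, not the longer %XX-encoded form.
    pairs = parse_qsl(encoded, keep_blank_values=True, encoding="latin-1")
    return [len(value) for key, value in pairs if key == name]


def oversized_entrys(target, body=b"", limit=MAX_ENTRYS_LEN):
    """Return the decoded lengths of all 'entrys' values longer than `limit`.

    `target` is the request path (with optional query string) and `body` the
    raw form-encoded request body. An empty list means the request is either
    for another endpoint or within the limit.
    """
    parts = urlsplit(target)
    path = unquote(parts.path).rstrip("/")
    if path != TARGET_PATH:
        return []
    # Check the query string as well as the body so the parameter cannot
    # slip past the filter by moving location or by being repeated.
    lengths = _decoded_lengths(parts.query, TARGET_PARAM)
    lengths += _decoded_lengths(body.decode("latin-1"), TARGET_PARAM)
    return [n for n in lengths if n > limit]


if __name__ == "__main__":
    # Constructed sample requests (not captured traffic).
    samples = [
        ("/goform/addressNat", b"entrys=1&page=1"),
        ("/goform/addressNat", b"entrys=" + b"A" * 600),
        ("/goform/addressNat", b"entrys=" + b"%41" * 300),
    ]
    for target, body in samples:
        hits = oversized_entrys(target, body)
        print(target, len(body), "BLOCK" if hits else "allow", hits)
```

Measuring the decoded length matters because a percent-encoded value is three times longer on the wire than the data that reaches the handler, so a limit on raw request size alone gives a misleading margin.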
