Tenda F451 Router Hit with High-Severity Buffer Overflow
The National Vulnerability Database (NVD) has spotlighted a high-severity stack-based buffer overflow, CVE-2026-6122, in the Tenda F451 router, specifically version 1.0.0.7. The bug resides in the frmL7ProtForm function of the file /goform/L7Prot, part of the httpd component.
Manipulating the page argument can trigger a stack-based buffer overflow, a classic exploit vector that often enables remote code execution. With a CVSS score of 8.8 (HIGH), this isn’t some theoretical flaw; the NVD notes that an exploit has already been publicly disclosed, meaning it’s likely being actively weaponized in the wild. That makes the router a prime target for opportunistic attackers looking to gain a foothold in vulnerable networks, and such a foothold is often a precursor to more sophisticated attacks.
While the NVD didn’t specify affected products beyond the Tenda F451 1.0.0.7, it’s a stark reminder that consumer-grade network gear often becomes a soft underbelly for perimeter defenses. These devices, often deployed with default configurations and rarely patched, are low-hanging fruit for attackers.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-6122 | Buffer Overflow | Tenda F451 version 1.0.0.7 |
| CVE-2026-6122 | Buffer Overflow | CWE-121: Stack-based Buffer Overflow |
| CVE-2026-6122 | Buffer Overflow | Vulnerable component: httpd |
| CVE-2026-6122 | Buffer Overflow | Vulnerable file: /goform/L7Prot |
| CVE-2026-6122 | Buffer Overflow | Vulnerable function: frmL7ProtForm with argument 'page' |
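The endpoint and argument in the table above are enough to write a simple traffic check. The following is an added example, not code from the NVD entry or from Tenda: it inspects raw HTTP requests captured in front of the router and flags any request to /goform/L7Prot whose page value is oversized or non-numeric. The 8-character limit, the function names and the sample requests are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

TARGET_PATH = "/goform/L7Prot"  # endpoint named in the advisory
MAX_PAGE_LEN = 8  # assumption: a legitimate page value is a short number


def page_values(raw_request: bytes):
    """Yield each `page` value (query string and form body) sent to TARGET_PATH."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) < 2:
        return  # not a parseable request line
    url = urlsplit(parts[1])
    if url.path.rstrip("/").lower() != TARGET_PATH.lower():
        return
    for source in (url.query, body.decode("latin-1")):
        for key, value in parse_qsl(source, keep_blank_values=True):
            if key == "page":
                yield value


def classify(raw_request: bytes) -> str:
    """Return 'ignore' (no page argument for the endpoint), 'ok', or 'alert'."""
    values = list(page_values(raw_request))
    if not values:
        return "ignore"
    for v in values:
        # Alert on anything longer than the assumed limit or not a plain number.
        if len(v) > MAX_PAGE_LEN or not (v.isascii() and v.isdigit()):
            return "alert"
    return "ok"


# Constructed sample requests, not captured traffic.
HDR = b"Host: 192.168.0.1\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n"
SAMPLES = {
    "normal": b"POST /goform/L7Prot HTTP/1.1\r\n" + HDR + b"page=2",
    "oversized": b"POST /goform/L7Prot HTTP/1.1\r\n" + HDR + b"page=" + b"A" * 600,
    "query": b"GET /goform/L7Prot?page=1 HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\n",
    "other": b"GET /index.html?page=AAAAAAAAAAAA HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10s} {classify(raw)}")
```

Any request to this endpoint arriving from outside the LAN is worth reviewing regardless of the verdict, since the router's management interface should not be reachable from the internet.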