High-Severity Buffer Overflow Hits Tenda F451 Routers

The National Vulnerability Database (NVD) has issued an alert for CVE-2026-6136, a high-severity stack-based buffer overflow impacting Tenda F451 routers, specifically version 1.0.0.7_cn_svn7958. This isn’t some theoretical flaw; the NVD confirms a public exploit disclosure, meaning attackers could already be leveraging this. The vulnerability lies within the frmL7ImForm function of the /goform/L7Im file, where manipulating the page argument triggers the overflow.

Rated with a CVSSv3.1 score of 8.8 (HIGH), this vulnerability is remotely exploitable, requiring only low privileges (PR:L) and no user interaction (UI:N). This makes it a prime target for threat actors looking to gain a foothold on networks. The NVD attributes the flaw to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), classic memory corruption issues that often lead to arbitrary code execution. Given the widespread use of SOHO routers, this is a significant finding that demands attention.