Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
Tenda F451 1.0.0.7: Remote code execution through manipulated page input
CVE-2026-5989
Summary
A critical flaw in the Tenda F451 router's page handling code can allow an attacker to execute malicious code on the router. This could potentially allow the attacker to take control of the router. Update the router's firmware to the latest version to fix the issue.
Original title
A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer o...
Original description
A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
Published: 10 Apr 2026 · Updated: 10 Apr 2026 · First seen: 10 Apr 2026