Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
Tenda F451 Router 1.0.0.7: Remote Data Exposure Through Malformed Web Request
CVE-2026-6136
Summary
A misconfigured web interface in Tenda F451 routers makes it possible for an attacker to access unauthorized data by sending a manipulated web request. This is particularly concerning because it can be done from anywhere on the internet. Users should update their router to the latest available version to prevent exploitation.
Original title
A security vulnerability has been detected in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to stack-base...
Original description
A security vulnerability has been detected in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
Published: 13 Apr 2026 · Updated: 13 Apr 2026 · First seen: 13 Apr 2026