Tenda Fh451 Firmware vulnerabilities

CVE-2026-4534 [HIGH] CWE-119 CVE-2026-4534: A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. This manipulation of the argument GO causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.

CVE-2026-4535 [HIGH] CWE-119 CVE-2026-4535: A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affects the function Wrlcl A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affects the function WrlclientSet of the file /goform/WrlclientSet. Such manipulation of the argument GO leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2026-3678 [HIGH] CWE-119 CVE-2026-3678: A vulnerability was determined in Tenda FH451 1.0.0.9. Affected is the function sub_3C434 of the fil A vulnerability was determined in Tenda FH451 1.0.0.9. Affected is the function sub_3C434 of the file /goform/AdvSetWan. This manipulation of the argument wanmode/PPPOEPassword causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

CVE-2026-3677 [HIGH] CWE-119 CVE-2026-3677: A vulnerability was found in Tenda FH451 1.0.0.9. This impacts the function fromSetCfm of the file / A vulnerability was found in Tenda FH451 1.0.0.9. This impacts the function fromSetCfm of the file /goform/setcfm. The manipulation of the argument funcname/funcpara1 results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used.

CVE-2026-2911 [HIGH] CWE-119 CVE-2026-2911: A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown process A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7854 [HIGH] CWE-119 CVE-2025-7854: A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the functi A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7853 [HIGH] CWE-119 CVE-2025-7853: A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7855 [HIGH] CWE-119 CVE-2025-7855: A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerabil A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely.

CVE-2025-7806 [HIGH] CWE-119 CVE-2025-7806: A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. This vulnerability affects A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter. The manipulation of the argument Go/page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7805 [HIGH] CWE-119 CVE-2025-7805: A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the funct A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7792 [HIGH] CWE-119 CVE-2025-7792: A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7794 [HIGH] CWE-119 CVE-2025-7794: A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerabil A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7793 [HIGH] CWE-119 CVE-2025-7793: A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the functi A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary. The manipulation of the argument webSiteId leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7795 [HIGH] CWE-119 CVE-2025-7795: A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected b A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used

CVE-2025-7807 [HIGH] CWE-119 CVE-2025-7807: A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. This issue A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. This issue affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. The manipulation of the argument Go/page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7796 [HIGH] CWE-119 CVE-2025-7796: A vulnerability, which was classified as critical, was found in Tenda FH451 1.0.0.9. This affects th A vulnerability, which was classified as critical, was found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7747 [HIGH] CWE-119 CVE-2025-7747: A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the funct A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. The manipulation of the argument PPW leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and ma

CVE-2025-7505 [HIGH] CWE-119 CVE-2025-7505: A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the functi A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function frmL7ProtForm of the file /goform/L7Prot of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public

CVE-2025-7506 [HIGH] CWE-119 CVE-2025-7506: A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerabil A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromNatlimit of the file /goform/Natlimit of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to th

CVE-2025-7434 [HIGH] CWE-119 CVE-2025-7434: A vulnerability was found in Tenda FH451 up to 1.0.0.9 and classified as critical. Affected by this A vulnerability was found in Tenda FH451 up to 1.0.0.9 and classified as critical. Affected by this issue is the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to th