{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2911", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-20T20:16:11.075Z", "datePublished": "2026-02-22T03:02:09.585Z", "dateUpdated": "2026-02-23T19:16:47.962Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-22T03:02:09.585Z"}, "title": "Tenda FH451 GstDhcpSetSer buffer overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Tenda", "product": "FH451", "versions": [{"version": "1.0.0.0", "status": "affected"}, {"version": "1.0.0.1", "status": "affected"}, {"version": "1.0.0.2", "status": "affected"}, {"version": "1.0.0.3", "status": "affected"}, {"version": "1.0.0.4", "status": "affected"}, {"version": "1.0.0.5", "status": "affected"}, {"version": "1.0.0.6", "status": "affected"}, {"version": "1.0.0.7", "status": "affected"}, {"version": "1.0.0.8", "status": "affected"}, {"version": "1.0.0.9", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-02-20T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-20T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-20T21:21:16.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "smitug01 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.347220", "name": "VDB-347220 | Tenda FH451 GstDhcpSetSer buffer overflow", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.347220", "name": "VDB-347220 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.755218", "name": "Submit #755218 | Tenda FH451 V1.0.0.9 Buffer overflow vulnerability", "tags": ["third-party-advisory"]}, {"url": "https://vuln.ricky.place/Tenda/FH451/", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-23T19:16:32.714572Z", "id": "CVE-2026-2911", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T19:16:47.962Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2911", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-23T19:16:32.714572Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T19:16:41.140Z"}}], "cna": {"title": "Tenda FH451 GstDhcpSetSer buffer overflow", "credits": [{"lang": "en", "type": "reporter", "value": "smitug01 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Tenda", "product": "FH451", "versions": [{"status": "affected", "version": "1.0.0.0"}, {"status": "affected", "version": "1.0.0.1"}, {"status": "affected", "version": "1.0.0.2"}, {"status": "affected", "version": "1.0.0.3"}, {"status": "affected", "version": "1.0.0.4"}, {"status": "affected", "version": "1.0.0.5"}, {"status": "affected", "version": "1.0.0.6"}, {"status": "affected", "version": "1.0.0.7"}, {"status": "affected", "version": "1.0.0.8"}, {"status": "affected", "version": "1.0.0.9"}]}], "timeline": [{"lang": "en", "time": "2026-02-20T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-20T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-20T21:21:16.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.347220", "name": "VDB-347220 | Tenda FH451 GstDhcpSetSer buffer overflow", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.347220", "name": "VDB-347220 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.755218", "name": "Submit #755218 | Tenda FH451 V1.0.0.9 Buffer overflow vulnerability", "tags": ["third-party-advisory"]}, {"url": "https://vuln.ricky.place/Tenda/FH451/", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-22T03:02:09.585Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2911", "state": "PUBLISHED", "dateUpdated": "2026-02-23T19:16:47.962Z", "dateReserved": "2026-02-20T20:16:11.075Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-22T03:02:09.585Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:fh451_firmware:1.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "A7521568-7BCD-43F8-9F20-440DF3919D5D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:fh451:-:*:*:*:*:*:*:*", "matchCriteriaId": "97A8BF83-E42A-4D6B-A52D-146FE1AEE2B0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Una vulnerabilidad ha sido encontrada en Tenda FH451 hasta 1.0.0.9. Este problema afecta a alg\u00fan procesamiento desconocido del archivo /goform/GstDhcpSetSer. La manipulaci\u00f3n conduce a desbordamiento de b\u00fafer. Es posible iniciar el ataque remotamente. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado."}], "id": "CVE-2026-2911", "lastModified": "2026-02-23T20:21:22.323", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-22T04:15:59.383", "references": [{"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.347220"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.347220"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.755218"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://vuln.ricky.place/Tenda/FH451/"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.tenda.com.cn/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-120"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.0.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.0.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.0.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.0.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.0.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.0.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.0.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.0.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.0.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.0.9"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "FH451", "source": "cna", "vendor": "Tenda"}, "product": "fh451", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-04-18T11:13:48.658826+00:00", "value": {"mitigation_remediation": ["Deploy a firmware patch that addresses the buffer overflow on the Tenda FH451, ensuring the device is updated to a version that removes the vulnerable code. ", "Limit access to the router\u2019s web interface by restricting incoming traffic to trusted IP ranges or by placing the device behind a network firewall with strict ingress rules. ", "If a firmware update is unavailable, block or disable the /goform/GstDhcpSetSer endpoint by applying access-control lists or by isolating the DHCP configuration through alternative methods provided by the manufacturer."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability impacts Tenda FH451 routers running firmware versions up to 1.0.0.9, inclusive. Users of earlier firmware revisions may also be vulnerable if the affected code is present. The fault occurs in the router's web\u2011based administration interface, which provides DHCP configuration through the referenced endpoint.", "description_and_impact": "A buffer overflow exists in the Tenda FH451 router when processing requests to the /goform/GstDhcpSetSer endpoint. The flaw allows an attacker to supply data that exceeds the intended buffer size, potentially overwriting control data on the stack and enabling arbitrary code execution or device compromise. The underlying weakness corresponds to CWE\u2011119 (improper memory handling) and CWE\u2011120 (unsafe stack manipulation).", "risk_and_exploitability": "The CVSS score of 8.7 indicates a high severity level, while the EPSS score of less than 1% reflects a low probability of exploitation at this time. The flaw can be triggered remotely by sending a crafted request to the exposed web interface; based on the description, it is inferred that authentication may not be required, but this is not explicitly stated. Although the vulnerability is not listed in the CISA KEV catalog, the combination of remote attack surface and potential for full device takeover makes it a priority for remediation."}}}}, "created": "2026-02-23T14:29:39.207624+00:00", "updated": "2026-04-18T11:15:35.919699+00:00", "vendors": ["tenda", "tenda$PRODUCT$fh451"]}