{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6135", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-12T07:22:43.463Z", "datePublished": "2026-04-12T23:15:12.163Z", "dateUpdated": "2026-04-13T15:21:51.683Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-12T23:15:12.163Z"}, "title": "Tenda F451 SetIpBind fromSetIpBind stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Tenda", "product": "F451", "versions": [{"version": "1.0.0.7_cn_svn7958", "status": "affected"}], "cpes": ["cpe:2.3:o:tenda:f451_firmware:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-12T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-12T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-12T09:27:49.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Jxm666 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/356999", "name": "VDB-356999 | Tenda F451 SetIpBind fromSetIpBind stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/356999/cti", "name": "VDB-356999 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/792877", "name": "Submit #792877 | Tenda F451_kfw_V1.0.0.7_cn_svn7958 V1.0.0.7 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Jimi-Lab/cve/issues/19", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T15:21:43.503409Z", "id": "CVE-2026-6135", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T15:21:51.683Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6135", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-13T15:21:43.503409Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T15:21:48.147Z"}}], "cna": {"title": "Tenda F451 SetIpBind fromSetIpBind stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "Jxm666 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:o:tenda:f451_firmware:*:*:*:*:*:*:*:*"], "vendor": "Tenda", "product": "F451", "versions": [{"status": "affected", "version": "1.0.0.7_cn_svn7958"}]}], "timeline": [{"lang": "en", "time": "2026-04-12T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-12T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-12T09:27:49.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/356999", "name": "VDB-356999 | Tenda F451 SetIpBind fromSetIpBind stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/356999/cti", "name": "VDB-356999 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/792877", "name": "Submit #792877 | Tenda F451_kfw_V1.0.0.7_cn_svn7958 V1.0.0.7 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Jimi-Lab/cve/issues/19", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-12T23:15:12.163Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6135", "state": "PUBLISHED", "dateUpdated": "2026-04-13T15:21:51.683Z", "dateReserved": "2026-04-12T07:22:43.463Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-12T23:15:12.163Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:f451_firmware:1.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3231AE19-EF18-4B9E-B0FD-8DA6254FB822", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:f451:-:*:*:*:*:*:*:*", "matchCriteriaId": "35ABD8C6-9D5E-45A3-983B-73ACCF9A74F7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks."}], "id": "CVE-2026-6135", "lastModified": "2026-04-30T12:36:52.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-13T00:16:20.880", "references": [{"source": "cna@vuldb.com", "tags": ["Broken Link"], "url": "https://github.com/Jimi-Lab/cve/issues/19"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/submit/792877"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/vuln/356999"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/vuln/356999/cti"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.tenda.com.cn/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.0.7_cn_svn7958"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "F451", "source": "cna", "vendor": "Tenda"}, "product": "f451", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-04-13T00:20:35.761776+00:00", "value": {"mitigation_remediation": ["Download and flash the latest firmware version from Tenda\u2019s official website that addresses the stack overflow flaw.", "If an updated firmware is not yet available, block or restrict external access to the /goform/SetIpBind endpoint using firewall rules or web\u2011application firewalls.", "Disable remote web management on the router or limit it to trusted internal IP addresses until a patch is applied.", "Monitor router logs for abnormal requests to /goform/SetIpBind and investigate any suspicious activity promptly.", "Contact Tenda support for guidance on temporary mitigations if the above measures are insufficient."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Vulnerable equipment is the Tenda F451 router running firmware 1.0.0.7_cn_svn7958. No other product versions are listed, and the issue is specific to this firmware build.", "description_and_impact": "A stack-based buffer overflow exists in the fromSetIpBind function of the /goform/SetIpBind page on Tenda F451 routers. By sending a crafted \"page\" argument from a remote location, an attacker can trigger a buffer overflow that may lead to arbitrary code execution. The vulnerability is classified under CWE\u2011119 (Buffer Overflow) and CWE\u2011121 (Stack Smashing). The exploit is publicly available and can be performed over the network without physical access.", "risk_and_exploitability": "The CVSS score of 8.7 indicates high severity, and although the EPSS score is not available, the public availability of the exploit and the ability to initiate the attack remotely make the risk significant. The vulnerability is not listed in CISA\u2019s KEV catalog, but its remote nature and high CVSS warrant urgent attention. Exploitation requires only sending a malicious request to the router\u2019s web interface; no special credentials are required, making the attack path comparatively straightforward."}}}}, "created": "2026-04-13T12:38:05.463487+00:00", "updated": "2026-04-13T12:53:53.040896+00:00", "vendors": ["tenda", "tenda$PRODUCT$f451"]}