{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6630", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-19T17:05:40.608Z", "datePublished": "2026-04-20T10:30:15.493Z", "dateUpdated": "2026-04-20T13:27:03.711Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-20T10:30:15.493Z"}, "title": "Tenda F451 httpd GstDhcpSetSer fromGstDhcpSetSer buffer overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Tenda", "product": "F451", "versions": [{"version": "1.0.0.7_cn_svn7958", "status": "affected"}], "cpes": ["cpe:2.3:o:tenda:f451_firmware:*:*:*:*:*:*:*:*"], "modules": ["httpd"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-19T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-19T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-19T19:10:46.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Jxm666 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/358264", "name": "VDB-358264 | Tenda F451 httpd GstDhcpSetSer fromGstDhcpSetSer buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/358264/cti", "name": "VDB-358264 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/792882", "name": "Submit #792882 | Tenda F451_kfw_V1.0.0.7_cn_svn7958 V1.0.0.7 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Jimi-Lab/cve/issues/23", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-20T13:26:56.895256Z", "id": "CVE-2026-6630", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T13:27:03.711Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6630", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-20T13:26:56.895256Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T13:26:59.977Z"}}], "cna": {"title": "Tenda F451 httpd GstDhcpSetSer fromGstDhcpSetSer buffer overflow", "credits": [{"lang": "en", "type": "reporter", "value": "Jxm666 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:o:tenda:f451_firmware:*:*:*:*:*:*:*:*"], "vendor": "Tenda", "modules": ["httpd"], "product": "F451", "versions": [{"status": "affected", "version": "1.0.0.7_cn_svn7958"}]}], "timeline": [{"lang": "en", "time": "2026-04-19T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-19T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-19T19:10:46.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/358264", "name": "VDB-358264 | Tenda F451 httpd GstDhcpSetSer fromGstDhcpSetSer buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/358264/cti", "name": "VDB-358264 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/792882", "name": "Submit #792882 | Tenda F451_kfw_V1.0.0.7_cn_svn7958 V1.0.0.7 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Jimi-Lab/cve/issues/23", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-20T10:30:15.493Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6630", "state": "PUBLISHED", "dateUpdated": "2026-04-20T13:27:03.711Z", "dateReserved": "2026-04-19T17:05:40.608Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-20T10:30:15.493Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used."}], "id": "CVE-2026-6630", "lastModified": "2026-04-22T20:22:50.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-20T11:16:19.407", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/Jimi-Lab/cve/issues/23"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/792882"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358264"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358264/cti"}, {"source": "cna@vuldb.com", "url": "https://www.tenda.com.cn/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-120"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.0.7_cn_svn7958"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "F451", "source": "cna", "vendor": "Tenda"}, "product": "f451", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-04-20T11:50:26.216667+00:00", "value": {"mitigation_remediation": ["Upgrade the device to the latest firmware release from Tenda that contains the buffer\u2011overflow fix.", "If an update is not yet available, block access to the /goform/GstDhcpSetSer endpoint with a firewall or router ACL to prevent malicious POST requests.", "Enforce strict input validation on DHCP configuration interfaces to ensure the dips parameter length is bounded and cannot overflow memory."], "summary": {"action": "Immediate Patch", "impact": "Remote Buffer Overflow"}, "threat_synthesis": {"affected_systems": "Tenda F451 routers running firmware 1.0.0.7_cn_svn7958 are impacted. The vulnerability exists only in this specific build exposed at /goform/GstDhcpSetSer and there is no evidence of other affected versions.", "description_and_impact": "A vulnerability was identified in the Tenda F451 router firmware 1.0.0.7_cn_svn7958, specifically in the fromGstDhcpSetSer function of the httpd component. The function fails to properly validate the `dips` argument, allowing a crafted HTTP request to the /goform/GstDhcpSetSer endpoint to overflow a buffer. This flaw could lead to memory corruption. While the CVE description does not explicitly state the resulting effect, publicly available exploit information demonstrates that the overflow can be triggered remotely through HTTP requests, confirming that the vulnerability is exploitable over the network.", "risk_and_exploitability": "The CVSS score of 8.7 reflects a high severity, while no EPSS score is provided, leaving the current exploitation likelihood unclear. Nevertheless, the flaw is accessed via remote HTTP requests and a public exploit is available, indicating that attackers can reach the target over the network. The vulnerability is not listed in CISA\u2019s KEV catalog, but the public exploit makes the threat real, and immediate mitigation is advised."}}}}, "created": "2026-04-20T11:30:05.324076+00:00", "updated": "2026-04-20T12:00:05.958227+00:00", "vendors": ["tenda", "tenda$PRODUCT$f451"]}