{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5992/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-5992"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["F451"],"_cs_severities":["critical"],"_cs_tags":["tenda","buffer-overflow","cve-2026-5992"],"_cs_type":"advisory","_cs_vendors":["Tenda"],"content_html":"\u003cp\u003eCVE-2026-5992 is a critical stack-based buffer overflow vulnerability affecting Tenda F451 version 1.0.0.7. The vulnerability resides within the \u003ccode\u003efromP2pListFilter\u003c/code\u003e function of the \u003ccode\u003e/goform/P2pListFilter\u003c/code\u003e file. Attackers can remotely exploit this flaw by manipulating the \u003ccode\u003epage\u003c/code\u003e argument, potentially leading to arbitrary code execution. Publicly available exploits exist, increasing the likelihood of exploitation. Given the prevalence of Tenda routers and the ease of remote exploitation, this vulnerability poses a significant risk to home and small business networks. Successful exploitation could allow attackers to gain complete control of the affected device, leading to data theft, network compromise, and potential use in botnet activities. Defenders should prioritize detection and mitigation efforts to prevent exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Tenda F451 router running firmware version 1.0.0.7.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003e/goform/P2pListFilter\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes a \u003ccode\u003epage\u003c/code\u003e argument with a payload exceeding the buffer size allocated for it in the \u003ccode\u003efromP2pListFilter\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe router processes the malicious HTTP request, triggering the stack-based buffer overflow within the \u003ccode\u003efromP2pListFilter\u003c/code\u003e function due to insufficient bounds checking on the \u003ccode\u003epage\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe overflow overwrites adjacent memory regions on the stack, including the return address.\u003c/li\u003e\n\u003cli\u003eWhen the \u003ccode\u003efromP2pListFilter\u003c/code\u003e function returns, it jumps to the address overwritten by the attacker-controlled payload.\u003c/li\u003e\n\u003cli\u003eThe attacker-controlled payload executes arbitrary code on the router, such as downloading and executing a malicious binary from a remote server or modifying router configuration.\u003c/li\u003e\n\u003cli\u003eThe attacker gains complete control of the router, enabling them to perform malicious activities such as eavesdropping on network traffic, modifying DNS settings, or using the router as part of a botnet.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5992 allows remote attackers to gain complete control of vulnerable Tenda F451 routers. This can lead to a variety of malicious activities, including data theft, network compromise, and botnet recruitment. Given the widespread use of Tenda routers, a large number of devices are potentially at risk. If attackers successfully exploit this vulnerability, they can perform man-in-the-middle attacks, redirect users to malicious websites, and compromise connected devices on the network.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for HTTP requests targeting the \u003ccode\u003e/goform/P2pListFilter\u003c/code\u003e endpoint with unusually long \u003ccode\u003epage\u003c/code\u003e parameters to detect potential exploitation attempts. Use the Sigma rule \u003ccode\u003eTenda F451 P2P Filter Buffer Overflow Attempt\u003c/code\u003e to identify this behavior.\u003c/li\u003e\n\u003cli\u003eDeploy network intrusion detection systems (IDS) rules to detect exploitation attempts targeting CVE-2026-5992.\u003c/li\u003e\n\u003cli\u003eUnfortunately, there is no patch available as of this writing, and the device is end-of-life. Consider replacing the affected device.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-23T10:00:00Z","date_published":"2024-01-23T10:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-tenda-buffer-overflow/","summary":"Tenda F451 version 1.0.0.7 is vulnerable to a stack-based buffer overflow in the fromP2pListFilter function, allowing remote attackers to execute arbitrary code by manipulating the 'page' argument in the /goform/P2pListFilter file.","title":"Tenda F451 Stack-Based Buffer Overflow Vulnerability (CVE-2026-5992)","url":"https://feed.craftedsignal.io/briefs/2024-01-tenda-buffer-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed - Cve-2026-5992","version":"https://jsonfeed.org/version/1.1"}