{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-6122/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-6122"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-6122","buffer-overflow","router","tenda"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical stack-based buffer overflow vulnerability has been identified in Tenda F451 router version 1.0.0.7. The vulnerability resides within the \u003ccode\u003efrmL7ProtForm\u003c/code\u003e function of the \u003ccode\u003e/goform/L7Prot\u003c/code\u003e component, specifically within the \u003ccode\u003ehttpd\u003c/code\u003e service. A remote attacker can exploit this flaw by crafting a malicious request targeting the \u003ccode\u003epage\u003c/code\u003e argument. Successful exploitation allows the attacker to execute arbitrary code on the device. Publicly available exploit code exists, increasing the risk of widespread exploitation. This vulnerability poses a significant threat to affected devices, potentially leading to full device compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable Tenda F451 router running firmware version 1.0.0.7.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP GET or POST request targeting the \u003ccode\u003e/goform/L7Prot\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe malicious request includes the \u003ccode\u003epage\u003c/code\u003e argument with a payload exceeding the buffer size allocated for it within the \u003ccode\u003efrmL7ProtForm\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ehttpd\u003c/code\u003e service processes the request without proper bounds checking on the \u003ccode\u003epage\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe oversized payload overflows the stack buffer during the execution of the \u003ccode\u003efrmL7ProtForm\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe buffer overflow overwrites adjacent memory regions on the stack, including the return address.\u003c/li\u003e\n\u003cli\u003eThe attacker-controlled return address redirects execution to attacker-supplied code or a return-oriented programming (ROP) chain.\u003c/li\u003e\n\u003cli\u003eThe attacker executes arbitrary code on the router, potentially gaining full control of the device.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a remote attacker to execute arbitrary code on the affected Tenda F451 router. This can lead to a complete compromise of the device, allowing the attacker to modify router settings, intercept network traffic, or use the device as a bot in a botnet. Given the availability of public exploits, vulnerable devices are at high risk of compromise. The number of potentially affected devices is substantial, as the Tenda F451 is a widely used router model.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for requests to \u003ccode\u003e/goform/L7Prot\u003c/code\u003e with unusually long \u003ccode\u003epage\u003c/code\u003e parameters, deploying the Sigma rule \u003ccode\u003eDetect Tenda F451 Buffer Overflow Attempt\u003c/code\u003e to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eSince no patch is available, consider replacing the Tenda F451 1.0.0.7 with a more secure router or firewall solution.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to limit the impact of a compromised router on other network devices.\u003c/li\u003e\n\u003cli\u003eDisable remote administration access to the router to reduce the attack surface.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-12T08:16:37Z","date_published":"2026-04-12T08:16:37Z","id":"/briefs/2026-04-tenda-f451-overflow/","summary":"Tenda F451 router version 1.0.0.7 is vulnerable to a stack-based buffer overflow in the frmL7ProtForm function, enabling remote attackers to execute arbitrary code by manipulating the 'page' argument.","title":"Tenda F451 Router Stack-Based Buffer Overflow Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-tenda-f451-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-6122","version":"https://jsonfeed.org/version/1.1"}