HIGH 7.5

CVE-2026-36785: Tenda FH451 Stack Overflow DoS Vulnerability – Patch & Detection Guide

A stack overflow vulnerability in Tenda FH451 routers (version 1.0.0.9) allows remote attackers to crash the device without authentication. The flaw resides in how the router processes the 'page' parameter in the fromDhcpListClient function, enabling denial-of-service attacks via specially crafted HTTP requests. An attacker on the network can exploit this to disrupt router availability, potentially affecting all devices relying on that router for connectivity.

Source data · NVD / CISA · public domain

CVSS
3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weaknesses (CWE)
CWE-121
Affected products
0 configuration(s)
Published / Modified
2026-06-05 / 2026-06-17

NVD description (verbatim)

Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

2 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-36785 is a stack-based buffer overflow (CWE-121) in Tenda FH451 V1.0.0.9's fromDhcpListClient function. The vulnerability is triggered by unsanitized user input in the 'page' HTTP parameter, which overflows the stack and causes memory corruption. The attack vector is network-based with no authentication required, low attack complexity, and no user interaction needed. The result is denial of service through application crash or system hang.

Business impact

Routers affected by this vulnerability become unstable and unreliable, disrupting internet access for end users and dependent services. In enterprise environments, compromised Tenda FH451 devices could cause widespread connectivity outages, impacting productivity and customer-facing systems. Organizations cannot guarantee network uptime until remediation is applied. The vulnerability does not enable data theft or integrity compromise, limiting impact to availability.

Affected systems

Tenda FH451 running firmware version 1.0.0.9 is confirmed vulnerable. Organizations should verify whether this router model is deployed in their infrastructure, particularly in branch offices, remote sites, or smaller deployments where Tenda equipment is common. The vendor product information was not provided in the advisory; check Tenda's official documentation to determine whether other FH451 firmware versions or related models are similarly affected.

Exploitability

This vulnerability presents a moderate exploitation barrier despite its network accessibility. An attacker requires the ability to craft a specific HTTP request targeting the DHCP client listing function—not a trivial task without reverse-engineering or public proof-of-concept code. However, no authentication is required and the attack can be launched remotely. The lack of CISA KEV designation suggests either limited active exploitation observed in the wild or insufficient public awareness. Nonetheless, the low technical barrier once exploit details emerge warrants proactive patching.

Remediation

Contact Tenda support to obtain a patched firmware version for the FH451 router. Verify against Tenda's security advisory for the exact version number and upgrade path. If a patch is unavailable, consider isolating affected routers from untrusted networks or replacing them with devices from vendors maintaining active security support. Document firmware versions in your inventory to prevent re-deployment of vulnerable units.

Patch guidance

Check Tenda's official support portal and security advisories for a fixed firmware release addressing CVE-2026-36785. Follow Tenda's recommended upgrade procedure, which typically involves downloading the firmware image, backing up configuration, and performing a factory reset if instructed. Test the upgrade on a non-critical device first. Verify the new firmware version is confirmed as patched before rolling out across your deployment. If the vendor has not released a patch, document the business risk and implement compensating controls.

Detection guidance

Monitor for HTTP requests to the fromDhcpListClient function with abnormally long or malformed 'page' parameters. Network intrusion detection systems (IDS) should flag attempts to exploit buffer overflows on Tenda FH451 devices. Log HTTP requests to the router's web interface and alert on patterns suggesting exploitation. Consider running port scans to identify FH451 routers in your environment and verify their firmware versions. Baseline normal DHCP client listing queries and flag deviations.

Why prioritize this

This vulnerability ranks as high-priority due to its CVSS 7.5 score, network accessibility, and lack of authentication barriers. While not yet listed on CISA's KEV catalog, the ease of triggering a denial-of-service condition makes it attractive to attackers seeking to disrupt services. Organizations with Tenda FH451 routers should prioritize patching or replacement within their normal maintenance windows. The impact is limited to availability, not confidentiality or integrity, which tempers urgency slightly compared to remote code execution flaws.

Risk score, explained

The CVSS 3.1 score of 7.5 (HIGH) reflects a network-accessible vulnerability with no authentication or user interaction required, resulting in high availability impact. The attack complexity is low, and the scope is unchanged. The absence of confidentiality or integrity impact prevents a critical rating. The score aligns with a remotely exploitable denial-of-service flaw in network infrastructure equipment where rapid availability restoration is essential.

Frequently asked questions

Is my Tenda FH451 vulnerable if I'm not running version 1.0.0.9?

The advisory specifically mentions version 1.0.0.9. Earlier and potentially later versions may also be affected, but you must verify against Tenda's official security advisory to confirm. Contact Tenda support or check their security page for a complete list of affected versions.

Can this vulnerability be exploited from outside my network?

Yes. The vulnerability is network-accessible without authentication, so an attacker on any network segment with HTTP access to the router can attempt exploitation. This includes internet-facing routers or those reachable from untrusted LANs.

Will a patch be released, or should I replace the device?

Tenda has not provided patch details in the current advisory. Monitor Tenda's support channels for firmware updates. If no patch is released within a reasonable timeframe (coordinate with your vendor), device replacement may be necessary to maintain a secure infrastructure.

How can I identify if I have Tenda FH451 routers?

Conduct a network inventory scan using NMAP or your asset management tool to identify devices by their HTTP banners and model information. Log into your router's admin interface to verify the exact model and firmware version, then cross-reference against Tenda's affected products list.

This analysis is provided for informational purposes and reflects publicly disclosed information as of the publication date. SEC.co makes no warranty regarding the accuracy, completeness, or timeliness of this content. Verify all remediation and detection guidance against the vendor's official security advisory and your organization's specific environment. CVSS scores and vulnerability classifications reflect industry standards but may not fully represent risk in your context. Implement changes only after testing in a non-production environment and coordinating with relevant stakeholders. Source: NVD (public-domain), retrieved 2026-07-14. Analysis generated by SEC.co (claude-haiku-4-5).