CVE-2026-11557
Description
Tenda F451 routers (v1.0.0.7, v1.0.0.9) have a stack buffer overflow in the web interface, allowing remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Tenda F451 routers (v1.0.0.7, v1.0.0.9) have a stack buffer overflow in the web interface, allowing remote code execution.
Vulnerability
A stack-based buffer overflow vulnerability exists in the web management interface of Tenda F451 routers, specifically affecting firmware versions v1.0.0.7 and v1.0.0.9. The vulnerability resides in the fromNatlimit function within the /goform/Natlimit endpoint. It is triggered by sending an overly long string in the page parameter, which is processed without proper validation, leading to a buffer overflow on the stack [1].
Exploitation
An attacker can exploit this vulnerability remotely without authentication. The attack involves sending a POST request to the /goform/Natlimit endpoint with a crafted, excessively long string as the value for the page parameter. This crafted input causes the stack buffer to overflow, potentially leading to code execution [1].
Impact
Successful exploitation of this vulnerability can result in a Denial of Service (DoS) or Remote Code Execution (RCE) on the affected Tenda F451 routers. This allows an attacker to gain control over the device or disrupt its normal operation [1].
Mitigation
No specific patched version or release date has been disclosed in the available references. Users are advised to check the vendor's official website for updates, though Tenda's website primarily lists product information and does not appear to offer direct firmware downloads or security advisories for this specific vulnerability [2]. It is unknown if a fix is available or if the product is end-of-life.
AI Insight generated on Jun 8, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The use of the unsafe sprintf function without input validation allows for a stack-based buffer overflow."
Attack vector
An attacker can remotely trigger this vulnerability by sending a POST request to the /goform/Natlimit endpoint. The request must contain a maliciously crafted, overly long string in the 'page' parameter. This parameter is processed by the fromNatlimit function without any length checks, leading to the overflow. Successful exploitation can result in Denial of Service or Remote Code Execution [ref_id=1].
Affected code
The vulnerability resides in the fromNatlimit function within the /goform/Natlimit file. This function processes the user-controlled 'page' parameter from POST requests. The critical flaw is the use of the sprintf function to format a URL string into a fixed-size stack buffer, which lacks validation or length checks on the input parameter [ref_id=1].
What the fix does
The advisory does not specify a patch or provide details on how the vulnerability is fixed. It is recommended to upgrade to a firmware version that addresses this issue, though no specific version is mentioned. Users should consult Tenda for updated firmware information.
Preconditions
- networkThe affected device must be reachable over the network.
- authThe attacker requires low privileges to exploit this vulnerability.
Reproduction
The following Python script demonstrates how to trigger the buffer overflow by sending a large payload via the page parameter. ```python import requests
host = "192.168.0.1:80"
def exploit_Natlimit(): url = f"http://{host}/goform/Natlimit" data = { b'page':b'A'*0x800 } res = requests.post(url=url,data=data) print(res.content)
exploit_Natlimit() ``` [ref_id=1]
Generated on Jun 8, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6News mentions
0No linked articles in our index yet.