This remote stack-based buffer overflow vulnerability impacts the QoS setting functionality of Tenda F451 wireless routers. The flaw resides in the `fromqossetting` function at the `/goform/qossetting` endpoint. Remote attackers can exploit this by manipulating the `qos` argument to trigger memory corruption, resulting in potential code execution or device crash.
Remediation
Restrict management interface access to trusted local networks only, and do not expose the affected router to public untrusted networks. Check for official firmware updates from Tenda regularly. Isolate the device from the internet if no update can be applied.
Exploit info
This exploit has been publicly disclosed, with references to this issue documented in trusted public vulnerability databases. You may check Exploit-DB or GitHub for potential exploit details.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.