CVE-2026-2911

HighPublic PoC

Published: 22 February 2026

Published

22 February 2026

Modified

23 February 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0011 28.5th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed…

to the public and may be used.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents buffer overflows by requiring validation of inputs to the vulnerable /goform/GstDhcpSetSer endpoint.

SI-2 Flaw Remediation good match

prevent

Requires timely remediation of known flaws like this buffer overflow through firmware patching or upgrades.

SI-16 Memory Protection good match

prevent

Implements memory protections such as stack guards and non-executable memory to mitigate exploitation of buffer overflows.

Security SummaryAI

CVE-2026-2911 is a buffer overflow vulnerability (CWE-119, CWE-120) affecting Tenda FH451 routers on firmware versions up to 1.0.0.9. The flaw occurs in the processing of the /goform/GstDhcpSetSer file or endpoint, enabling remote manipulation that triggers the overflow. Published on 2026-02-22, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), marking it as high severity.

The vulnerability can be exploited remotely by an attacker with low privileges, such as an authenticated user on the network. Low attack complexity and no user interaction are required, allowing exploitation over the network. Successful attacks can achieve high impacts on confidentiality, integrity, and availability, potentially leading to arbitrary code execution or system compromise.

Advisories provide further details via VulDB entries (ctiid.347220, id.347220, submit.755218), vuln.ricky.place/Tenda/FH451/, and the Tenda vendor site (tenda.com.cn/). The exploit has been publicly disclosed and may be actively used by attackers.

Details

CWE(s): CWE-119 CWE-120

Affected Products

tenda

fh451 firmware

1.0.0.9

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Buffer overflow in web management endpoint (/goform/GstDhcpSetSer) of Tenda FH451 router enables remote exploitation of a public-facing application for arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://vuldb.com/?ctiid.347220
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.347220
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.755218
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuln.ricky.place/Tenda/FH451/
Exploit, Third Party Advisory · cna@vuldb.com
https://www.tenda.com.cn/
Product · cna@vuldb.com