Sign-up

ID

VAR-202602-2374


CVE

CVE-2026-2911


TITLE

Shenzhen Tenda Technology Co.,Ltd. of fh451  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-004806

DESCRIPTION

A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-2911 // JVNDB: JVNDB-2026-004806

AFFECTED PRODUCTS

vendor:tendamodel:fh451scope:eqversion:1.0.0.9

Trust: 1.0

vendor:tendamodel:fh451scope:eqversion: -

Trust: 0.8

vendor:tendamodel:fh451scope:eqversion:fh451 firmware 1.0.0.9

Trust: 0.8

vendor:tendamodel:fh451scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-004806 // NVD: CVE-2026-2911

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-2911
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-004806
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-2911
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-004806
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-2911
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-004806
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-004806 // NVD: CVE-2026-2911

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-004806 // NVD: CVE-2026-2911

PATCH

title:Tenda FH451 V1.0.0.9 Buffer overflow vulnerability Vulnerability Research RepositoryVulnerability Research Repositoryurl:https://vuldb.com/?id.347220

Trust: 0.8

sources: JVNDB: JVNDB-2026-004806

EXTERNAL IDS

db:NVDid:CVE-2026-2911

Trust: 2.6

db:VULDBid:347220

Trust: 1.0

db:JVNDBid:JVNDB-2026-004806

Trust: 0.8

sources: JVNDB: JVNDB-2026-004806 // NVD: CVE-2026-2911

REFERENCES

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://vuldb.com/?id.347220

Trust: 1.0

url:https://vuldb.com/?ctiid.347220

Trust: 1.0

url:https://vuln.ricky.place/tenda/fh451/

Trust: 1.0

url:https://vuldb.com/?submit.755218

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-2911

Trust: 0.8

sources: JVNDB: JVNDB-2026-004806 // NVD: CVE-2026-2911

SOURCES

db:JVNDBid:JVNDB-2026-004806
db:NVDid:CVE-2026-2911

LAST UPDATE DATE

2026-02-26T23:44:45.489000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-004806date:2026-02-25T03:43:00
db:NVDid:CVE-2026-2911date:2026-02-23T20:21:22.323

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-004806date:2026-02-25T00:00:00
db:NVDid:CVE-2026-2911date:2026-02-22T04:15:59.383