CVE-2026-4534 is a stack-based buffer overflow vulnerability affecting Tenda FH451 routers running firmware version 1.0.0.9. The vulnerability resides in the formWrlExtraSet function, specifically in the handling of the GO argument passed to the /goform/WrlExtraSet endpoint. This flaw allows an attacker to send a specially crafted request that causes a stack overflow, potentially overwriting the return address or other control data on the stack. Because the vulnerable endpoint is accessible remotely and does not require user interaction or elevated privileges, the attack surface is broad. The CVSS v4.0 score of 8.7 reflects the high severity, with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The vulnerability impacts confidentiality, integrity, and availability by enabling remote code execution or denial of service. Although no confirmed exploits are currently active in the wild, a proof-of-concept exploit has been published, which may facilitate future attacks. The lack of an official patch at the time of disclosure increases the urgency for organizations to implement alternative mitigations or monitor for suspicious activity targeting this vulnerability.

The vulnerability allows remote attackers to execute arbitrary code or cause denial of service on affected Tenda FH451 routers. This can lead to full compromise of the device, enabling attackers to intercept, modify, or disrupt network traffic, pivot into internal networks, or establish persistent backdoors. The impact extends to confidentiality breaches through data interception, integrity violations by altering network configurations or traffic, and availability disruptions via device crashes or reboots. Organizations relying on these routers for critical network infrastructure face increased risk of espionage, data theft, or operational outages. The exploitability without authentication or user interaction broadens the scope of potential victims, including home users, small businesses, and enterprises using this hardware. Given the widespread use of Tenda devices in Asia and emerging markets, the threat could affect a large number of networks globally.

1. Immediately check for and apply any official firmware updates from Tenda addressing this vulnerability once available. 2. If patches are not yet released, restrict access to the router’s management interfaces by implementing network segmentation and firewall rules to block external access to the /goform/WrlExtraSet endpoint. 3. Disable remote management features on the affected devices if not required. 4. Monitor network traffic for unusual or malformed requests targeting the /goform/WrlExtraSet endpoint. 5. Employ intrusion detection/prevention systems (IDS/IPS) with signatures for this specific exploit or anomalous HTTP POST requests to the vulnerable endpoint. 6. Replace affected devices with models from vendors with a stronger security track record if long-term patching is uncertain. 7. Educate network administrators about this vulnerability and encourage rapid incident response readiness. 8. Maintain regular backups of router configurations to enable quick recovery in case of compromise.