CVE-2026-4535 is a stack-based buffer overflow vulnerability identified in the Tenda FH451 router firmware version 1.0.0.9. The flaw resides in the WrlclientSet function, specifically in the handling of the GO parameter submitted to the /goform/WrlclientSet endpoint. Improper validation or bounds checking of this parameter allows an attacker to overflow the stack buffer, potentially overwriting return addresses or control data. This can lead to arbitrary code execution with elevated privileges on the device. The vulnerability is remotely exploitable over the network without requiring authentication or user interaction, making it highly dangerous. The CVSS v4.0 score of 8.7 reflects the ease of exploitation (network attack vector, low attack complexity), lack of required privileges or user interaction, and the high impact on confidentiality, integrity, and availability. Although no active exploitation has been reported, the public disclosure of the exploit code increases the likelihood of attacks. The affected product, Tenda FH451, is a consumer and small business router widely used in various regions, which could be targeted for network compromise, lateral movement, or as a foothold for broader attacks.

The exploitation of this vulnerability can lead to full compromise of the affected Tenda FH451 device. Attackers could execute arbitrary code with elevated privileges, potentially gaining control over the router’s configuration, intercepting or redirecting network traffic, deploying malware, or launching further attacks against internal networks. This threatens the confidentiality of data passing through the device, the integrity of network configurations, and the availability of network services. Organizations relying on these routers for critical connectivity, especially in small to medium enterprises or home office environments, face increased risk of network breaches, data exfiltration, and service disruption. The remote and unauthenticated nature of the exploit significantly broadens the attack surface, enabling widespread scanning and exploitation campaigns. The public availability of exploit code further elevates the threat level, increasing the urgency for mitigation.

Since no official patch links are provided, organizations should immediately implement compensating controls. These include isolating affected Tenda FH451 devices from untrusted networks, restricting access to the /goform/WrlclientSet endpoint via firewall rules or network segmentation, and disabling remote management interfaces if not required. Monitoring network traffic for unusual requests targeting the vulnerable endpoint can help detect exploitation attempts. Where possible, upgrading to a newer firmware version that addresses this vulnerability is strongly recommended once available. If patching is delayed, consider replacing affected devices with models from vendors with timely security updates. Additionally, network administrators should enforce strong network perimeter defenses, conduct regular vulnerability scans, and educate users about the risks of compromised network devices. Maintaining up-to-date backups and incident response plans will also aid in recovery if exploitation occurs.