CVE-2026-6134

HIGH

A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument qos results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.

CVSS v3.1 Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Complexity

LOW

Privileges

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Published: 4/12/2026Modified: 4/30/2026

Related Intelligence (0)

No articles currently reference this CVE.

References (5)

https://github.com/Jimi-Lab/cve/issues/18Broken Link https://vuldb.com/submit/792876Third Party AdvisoryVDB Entry https://vuldb.com/vuln/356998Third Party AdvisoryVDB Entry https://vuldb.com/vuln/356998/ctiPermissions RequiredVDB Entry https://www.tenda.com.cn/Product