Cyber Resilience

CVE-2026-2911

HighPublic PoC

Published: 22 February 2026

Published
22 February 2026
Modified
23 February 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0307 86.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-2911 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Fh451 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 14.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-2911 is a buffer overflow vulnerability (CWE-119, CWE-120) affecting Tenda FH451 routers on firmware versions up to 1.0.0.9. The flaw occurs in the processing of the /goform/GstDhcpSetSer file or endpoint, enabling remote manipulation that triggers the overflow. Published on 2026-02-22, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), marking it as high severity.

The vulnerability can be exploited remotely by an attacker with low privileges, such as an authenticated user on the network. Low attack complexity and no user interaction are required, allowing exploitation over the network. Successful attacks can achieve high impacts on confidentiality, integrity, and availability, potentially leading to arbitrary code execution or system compromise.

Advisories provide further details via VulDB entries (ctiid.347220, id.347220, submit.755218), vuln.ricky.place/Tenda/FH451/, and the Tenda vendor site (tenda.com.cn/). The exploit has been publicly disclosed and may be actively used by attackers.

EU & UK References

Vulnerability details

A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed…

more

to the public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in web management endpoint (/goform/GstDhcpSetSer) of Tenda FH451 router enables remote exploitation of a public-facing application for arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-7747Same product: Tenda Fh451
CVE-2025-7792Same product: Tenda Fh451
CVE-2025-7854Same product: Tenda Fh451
CVE-2025-7796Same product: Tenda Fh451
CVE-2025-7807Same product: Tenda Fh451
CVE-2025-7506Same product: Tenda Fh451
CVE-2025-7795Same product: Tenda Fh451
CVE-2025-7434Same product: Tenda Fh451
CVE-2025-7853Same product: Tenda Fh451
CVE-2025-7794Same product: Tenda Fh451

Affected Assets

tenda
fh451 firmware
1.0.0.9

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents buffer overflows by requiring validation of inputs to the vulnerable /goform/GstDhcpSetSer endpoint.

prevent

Requires timely remediation of known flaws like this buffer overflow through firmware patching or upgrades.

prevent

Implements memory protections such as stack guards and non-executable memory to mitigate exploitation of buffer overflows.

References