CVE-2026-3679

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Tenda FH451 version 1.0.0.9

Description A stack-based buffer overflow exists in the formQuickIndex function of the /goform/QuickIndex file. Manipulation of the mit linktype/PPPOEPassword argument can trigger this issue, allowing for remote exploitation. The exploit is publicly available.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the /goform/QuickIndex file to minimize the risk of exploitation. Avoid using the mit linktype/PPPOEPassword argument in the affected file until the issue is resolved.

Exploit

Fix

Stack Overflow

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-119

Related Identifiers

BDU:2026-06154

CVE-2026-3679

Affected Products

Tenda Fh451

CVE-2026-3679

Weakness Enumeration

Related Identifiers

Affected Products

References · 13