PatchSiren cyber security CVE debrief
CVE-2026-11557 Tenda CVE debrief
A high-severity vulnerability, CVE-2026-11557, has been identified in Tenda F451. The vulnerability affects the fromNatlimit function in the /goform/Natlimit file of the Web Management Interface. A remote attacker can exploit this vulnerability by manipulating the 'page' argument, leading to a stack-based buffer overflow. The CVSS score for this vulnerability is 7.4, indicating a high level of severity. The vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].
- Vendor
- Tenda
- Product
- F451
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-09
Who should care
Administrators and users of Tenda F451 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by a stack-based buffer overflow in the fromNatlimit function of the /goform/Natlimit file. An attacker can exploit this vulnerability by manipulating the 'page' argument, which can lead to remote code execution.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Limit access to the Web Management Interface to trusted users only.
- Monitor network traffic for suspicious activity.
Evidence notes
The vulnerability has been reported by Vuldb and is publicly available.
Official resources
CVE-2026-11557 was published on 2026-06-08T19:16:41.653Z and last modified on 2026-06-09T01:32:36.950Z.