The Tenda FH451 router is affected by a critical stack-based buffer overflow vulnerability that could allow for remote code execution.

This is a stack-based buffer overflow vulnerability residing in the webExcptypemanFilter function. The flaw is remotely exploitable by an unauthenticated attacker through the manipulation of the 'page' argument.

With a CVSS score of 8.8, this vulnerability poses a significant risk to organizational network integrity. Successful exploitation could lead to unauthorized remote code execution, potentially resulting in full device compromise, lateral movement within the network, or the interception of sensitive traffic.

Immediate Action: Review vendor documentation for available firmware updates and apply them immediately to the affected devices.

Proactive Monitoring: Monitor network traffic for anomalous HTTP requests targeting the 'page' argument within administrative interfaces.

Compensating Controls: Implement a Web Application Firewall (WAF) or restrict access to the device's web management interface to trusted internal IP addresses only.

Public Exploit Available: True

Given the high CVSS score and the remote nature of the attack vector, this vulnerability represents a severe threat. Organizations should prioritize patching or isolating these devices from the public internet immediately to prevent potential exploitation.