Which versions of Tenda are affected by CVE-2026-6197?

CVE-2026-6197 affects Tenda F456 routers running firmware 1.0.0.5, enabling authenticated attackers to execute arbitrary code and gain complete system control through buffer overflow in wireless…

Is there a public PoC exploit available for CVE-2026-6197?

Yes, a public proof-of-concept exploit is available for CVE-2026-6197. Prioritise patching immediately. EPSS: 0.0%.

Tenda CVE-2026-6197

Q: What is the CVSS score of CVE-2026-6197?

CVE-2026-6197 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-22057 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-04-13 VulDB

GHSA-6xp6-q5rv-82xp

Buffer Overflow Stack Overflow Tenda

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 22, 2026 - 20:37 vuln.today

cvss_changed

PoC Detected

Apr 22, 2026 - 20:23 vuln.today

Public exploit code

Analysis Generated

Apr 15, 2026 - 12:32 vuln.today

CVSS changed

Apr 13, 2026 - 19:37 NVD

8.8 (HIGH) 7.4 (HIGH)

EUVD ID Assigned

Apr 13, 2026 - 18:56 euvd

EUVD-2026-22057

Analysis Generated

Apr 13, 2026 - 18:56 vuln.today

CVE Published

Apr 13, 2026 - 18:00 nvd

HIGH 7.4

DescriptionNVD

A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Executing a manipulation of the argument mit_ssid can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.

AnalysisAI

Stack-based buffer overflow in Tenda F456 router firmware version 1.0.0.5 allows authenticated remote attackers to achieve complete system compromise via crafted input to the wireless security settings handler. Public exploit code is available, but EPSS exploitation probability remains very low (0.05%, 14th percentile), and no active exploitation has been reported. …

RemediationAI

Within 24 hours: Identify and inventory all Tenda F456 routers running firmware 1.0.0.5 in your network using device management or asset discovery tools. Within 7 days: Check Tenda vendor advisory for firmware updates beyond 1.0.0.5; if available, plan upgrade rollout; if unavailable, implement compensating controls below. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-6197 vulnerability details – vuln.today

Back

Tenda CVE-2026-6197

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tenda CVE-2026-6197

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code