Which versions of Tenda are affected by CVE-2026-6200?

Tenda F456 routers running firmware 1.0.0.5 contain a stack-based buffer overflow in the web management interface that allows authenticated attackers to execute arbitrary code, potentially…

Is there a public PoC exploit available for CVE-2026-6200?

Yes, a public proof-of-concept exploit is available for CVE-2026-6200. Prioritise patching immediately. EPSS: 0.0%.

Tenda CVE-2026-6200

Q: What is the CVSS score of CVE-2026-6200?

CVE-2026-6200 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-22065 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-04-13 VulDB

GHSA-g92h-vg4v-w46f

Buffer Overflow Stack Overflow Tenda

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 22, 2026 - 20:37 vuln.today

cvss_changed

PoC Detected

Apr 22, 2026 - 20:23 vuln.today

Public exploit code

Analysis Generated

Apr 15, 2026 - 12:34 vuln.today

CVSS changed

Apr 13, 2026 - 19:37 NVD

8.8 (HIGH) 7.4 (HIGH)

EUVD ID Assigned

Apr 13, 2026 - 18:56 euvd

EUVD-2026-22065

Analysis Generated

Apr 13, 2026 - 18:56 vuln.today

CVE Published

Apr 13, 2026 - 18:45 nvd

HIGH 7.4

DescriptionNVD

A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebtypelibrary of the file /goform/webtypelibrary. This manipulation of the argument menufacturer/Go causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.

AnalysisAI

Stack-based buffer overflow in Tenda F456 1.0.0.5 router's formwebtypelibrary function allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in /goform/webtypelibrary endpoint via manipulation of the 'menufacturer' or 'Go' parameters. …

RemediationAI

Within 24 hours: Identify all Tenda F456 1.0.0.5 routers in your environment using network inventory tools; isolate affected devices from production networks if possible. Within 7 days: Contact Tenda for firmware update availability and evaluate alternative router models if no patch timeline is provided; restrict administrative access to the router's web interface to trusted IP addresses only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-6200 vulnerability details – vuln.today

Back

Tenda CVE-2026-6200

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tenda CVE-2026-6200

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code