Which versions of Tenda F456 are affected by CVE-2026-7019?

CVE-2026-7019 is a high-severity remote code execution vulnerability in Tenda F456 routers (firmware 1.0.0.5) that allows authenticated users with low-privilege access to crash devices or execute…

Tenda F456 CVE-2026-7019

Q: What is the CVSS score of CVE-2026-7019?

CVE-2026-7019 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-25694 HIGH

Buffer Overflow (CWE-119)

2026-04-26 cna@vuldb.com

Buffer Overflow Tenda

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 27, 2026 - 19:07 vuln.today

cvss_changed

Analysis Generated

Apr 26, 2026 - 05:30 vuln.today

EUVD ID Assigned

Apr 26, 2026 - 05:22 euvd

EUVD-2026-25694

Analysis Generated

Apr 26, 2026 - 05:22 vuln.today

CVE Published

Apr 26, 2026 - 05:16 nvd

HIGH 7.4

DescriptionNVD

A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument menufacturer/Go leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

AnalysisAI

Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to crash the device or execute arbitrary code via buffer overflow in the fromP2pListFilter function. Exploitation requires low-privilege authentication (PR:L) and is network-accessible (AV:N) with low attack complexity (AC:L). …

RemediationAI

Within 24 hours: Identify all Tenda F456 devices running firmware 1.0.0.5 in your network inventory and disable remote management interfaces if not operationally critical. Within 7 days: Check Tenda's security advisories for firmware updates to version 1.0.0.6 or later; contact Tenda support directly if patches remain unavailable. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7019 vulnerability details – vuln.today

Back

Tenda F456 CVE-2026-7019

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tenda F456 CVE-2026-7019

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code