Which versions of Tenda F456 are affected by CVE-2026-7031?

Tenda F456 routers running version 1.0.0.5 contain a buffer overflow vulnerability that allows authenticated attackers to completely compromise the device through malicious HTTP requests.

Is there a public PoC exploit available for CVE-2026-7031?

Yes, a public proof-of-concept exploit is available for CVE-2026-7031. Prioritise patching immediately. EPSS: 0.0%.

Tenda F456 CVE-2026-7031

Q: What is the CVSS score of CVE-2026-7031?

CVE-2026-7031 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-25706 HIGH

Classic Buffer Overflow (CWE-120)

2026-04-26 VulDB

Buffer Overflow Tenda

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 29, 2026 - 18:29 vuln.today

Public exploit code

Re-analysis Queued

Apr 27, 2026 - 19:07 vuln.today

cvss_changed

Analysis Generated

Apr 26, 2026 - 10:30 vuln.today

CVSS changed

Apr 26, 2026 - 10:22 NVD

8.8 (HIGH) 7.4 (HIGH)

EUVD ID Assigned

Apr 26, 2026 - 10:15 euvd

EUVD-2026-25706

Analysis Generated

Apr 26, 2026 - 10:15 vuln.today

CVE Published

Apr 26, 2026 - 09:45 nvd

HIGH 7.4

DescriptionNVD

A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.

AnalysisAI

Buffer overflow in Tenda F456 router version 1.0.0.5 allows authenticated remote attackers to achieve complete device compromise via crafted HTTP requests to the /goform/SafeMacFilter endpoint. The vulnerability resides in the fromSafeMacFilter function's improper validation of the 'page' parameter. …

RemediationAI

Within 24 hours: Identify all Tenda F456 devices in your environment and document firmware versions. Within 7 days: Restrict access to affected routers (disable remote management, limit admin account privileges, implement network segmentation). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7031 vulnerability details – vuln.today

Back

Tenda F456 CVE-2026-7031

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tenda F456 CVE-2026-7031

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code