Which versions of Tenda F456 are affected by CVE-2026-7032?

CVE-2026-7032 affects Tenda F456 wireless routers running firmware 1.0.0.5, allowing authenticated users with low-privilege access to execute arbitrary code and completely compromise router…

Is there a public PoC exploit available for CVE-2026-7032?

Yes, a public proof-of-concept exploit is available for CVE-2026-7032. Prioritise patching immediately. EPSS: 0.0%.

Tenda F456 CVE-2026-7032

Q: What is the CVSS score of CVE-2026-7032?

CVE-2026-7032 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-25708 HIGH

Classic Buffer Overflow (CWE-120)

2026-04-26 VulDB

Buffer Overflow Tenda

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 29, 2026 - 18:26 vuln.today

Public exploit code

Analysis Updated

Apr 26, 2026 - 11:28 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 26, 2026 - 11:22 vuln.today

cvss_changed

CVSS changed

Apr 26, 2026 - 11:22 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

Apr 26, 2026 - 11:00 vuln.today

EUVD ID Assigned

Apr 26, 2026 - 10:30 euvd

EUVD-2026-25708

Analysis Generated

Apr 26, 2026 - 10:30 vuln.today

CVE Published

Apr 26, 2026 - 10:00 nvd

HIGH 7.4

DescriptionNVD

A flaw has been found in Tenda F456 1.0.0.5. Affected is the function SafeEmailFilter of the file /goform/SafeEmailFilter. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.

AnalysisAI

Buffer overflow in Tenda F456 wireless router firmware 1.0.0.5 allows authenticated remote attackers to achieve arbitrary code execution through the SafeEmailFilter function. The vulnerability requires low-privilege authentication but enables complete system compromise (confidentiality, integrity, and availability impact all rated High). …

RemediationAI

Within 24 hours: Identify all Tenda F456 devices running firmware 1.0.0.5 in your network inventory and document their locations and criticality. Within 7 days: Restrict administrative and low-privilege account access to these routers to trusted personnel only, disable remote management interfaces, and isolate affected routers from production networks if operationally feasible. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7032 vulnerability details – vuln.today

Back

Tenda F456 CVE-2026-7032

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tenda F456 CVE-2026-7032

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code