Which versions of Tenda F456 are affected by CVE-2026-7033?

Tenda F456 routers running firmware 1.0.0.5 are vulnerable to a buffer overflow that allows authenticated attackers to fully compromise device security and disrupt network operations.

Is there a public PoC exploit available for CVE-2026-7033?

Yes, a public proof-of-concept exploit is available for CVE-2026-7033. Prioritise patching immediately. EPSS: 0.0%.

Tenda F456 CVE-2026-7033

Q: What is the CVSS score of CVE-2026-7033?

CVE-2026-7033 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-25709 HIGH

Classic Buffer Overflow (CWE-120)

2026-04-26 VulDB

Buffer Overflow Tenda

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 29, 2026 - 22:33 vuln.today

Public exploit code

Analysis Updated

Apr 26, 2026 - 11:27 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 26, 2026 - 11:22 vuln.today

cvss_changed

CVSS changed

Apr 26, 2026 - 11:22 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

Apr 26, 2026 - 11:00 vuln.today

EUVD ID Assigned

Apr 26, 2026 - 10:30 euvd

EUVD-2026-25709

Analysis Generated

Apr 26, 2026 - 10:30 vuln.today

CVE Published

Apr 26, 2026 - 10:15 nvd

HIGH 7.4

DescriptionNVD

A vulnerability has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Such manipulation of the argument menufacturer/Go leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to achieve high-impact compromise of device confidentiality, integrity, and availability through crafted input to the SafeClientFilter function. A proof-of-concept exploit has been published on GitHub, increasing the likelihood of exploitation attempts against exposed management interfaces. …

RemediationAI

Within 24 hours: Inventory all Tenda F456 routers and document firmware versions; disable remote management access if enabled. Within 7 days: Change all router administrative credentials to complex passwords; restrict management interface access to trusted networks only via firewall rules; contact Tenda support for patch timeline. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7033 vulnerability details – vuln.today

Back

Tenda F456 CVE-2026-7033

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tenda F456 CVE-2026-7033

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code