Which versions of Tenda F456 are affected by CVE-2026-7057?

CVE-2026-7057 is a high-severity buffer overflow in Tenda F456 router firmware that allows authenticated network users to execute arbitrary code, potentially compromising network infrastructure and…

Is there a public PoC exploit available for CVE-2026-7057?

Yes, a public proof-of-concept exploit is available for CVE-2026-7057. Prioritise patching immediately. EPSS: 0.0%.

Tenda F456 CVE-2026-7057

Q: What is the CVSS score of CVE-2026-7057?

CVE-2026-7057 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-25727 HIGH

Classic Buffer Overflow (CWE-120)

2026-04-26 VulDB

Buffer Overflow Tenda

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 29, 2026 - 22:18 vuln.today

Public exploit code

Analysis Updated

Apr 26, 2026 - 22:27 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 26, 2026 - 22:22 vuln.today

cvss_changed

CVSS changed

Apr 26, 2026 - 22:22 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

Apr 26, 2026 - 19:31 vuln.today

EUVD ID Assigned

Apr 26, 2026 - 19:15 euvd

EUVD-2026-25727

Analysis Generated

Apr 26, 2026 - 19:15 vuln.today

CVE Published

Apr 26, 2026 - 18:45 nvd

HIGH 7.4

DescriptionNVD

A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used.

AnalysisAI

Buffer overflow in Tenda F456 router firmware 1.0.0.5 enables remote authenticated attackers to achieve arbitrary code execution via crafted HTTP requests to the /goform/setcfm endpoint in the httpd service. The vulnerability affects the funcname and funcpara1 parameters and has a publicly available exploit on GitHub, significantly lowering the barrier for exploitation. …

RemediationAI

Within 24 hours: Inventory all Tenda F456 routers running firmware 1.0.0.5 and isolate affected devices from production networks if operationally feasible. Within 7 days: Contact Tenda support for firmware updates beyond 1.0.0.5 and evaluate alternative router models; restrict administrative access to affected devices to least-privilege accounts only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7057 vulnerability details – vuln.today

Back

Tenda F456 CVE-2026-7057

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tenda F456 CVE-2026-7057

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code