Which versions of Tenda F456 are affected by CVE-2026-7098?

Tenda F456 routers (version 1.0.0.5) are vulnerable to remote code execution through the web management interface, allowing attackers with low-privilege HTTP credentials to execute arbitrary commands…

Tenda F456 CVE-2026-7098

Q: What is the CVSS score of CVE-2026-7098?

CVE-2026-7098 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-25798 HIGH

Buffer Overflow (CWE-119)

2026-04-27 cna@vuldb.com

Buffer Overflow Tenda

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 27, 2026 - 19:07 vuln.today

cvss_changed

Analysis Generated

Apr 27, 2026 - 09:30 vuln.today

EUVD ID Assigned

Apr 27, 2026 - 09:22 euvd

EUVD-2026-25798

Analysis Generated

Apr 27, 2026 - 09:22 vuln.today

CVE Published

Apr 27, 2026 - 09:16 nvd

HIGH 7.4

DescriptionNVD

A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

AnalysisAI

Remote authenticated attackers can execute arbitrary code on Tenda F456 router version 1.0.0.5 via buffer overflow in the DhcpListClient function of the httpd component. Exploitation requires low-privilege HTTP authentication and targets the web management interface. …

RemediationAI

Within 24 hours: Identify all Tenda F456 v1.0.0.5 devices in production using network scanning or asset management systems; restrict HTTP management interface access to trusted IP ranges via firewall rules. Within 7 days: Change all default credentials on identified devices; disable remote management access if not operationally required; implement network segmentation to isolate router management from untrusted zones. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7098 vulnerability details – vuln.today

Back

Tenda F456 CVE-2026-7098

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tenda F456 CVE-2026-7098

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code