Which versions of Tenda F456 are affected by EUVD-2026-25723?

CVE-2026-7053 is a buffer overflow in Tenda F456 router firmware (version 1.0.0.5) that allows authenticated users with low privileges to achieve complete system compromise through malicious HTTP…

Is there a public PoC exploit available for EUVD-2026-25723?

Yes, a public proof-of-concept exploit is available for EUVD-2026-25723. Prioritise patching immediately. EPSS: 0.0%.

Tenda F456 EUVD-2026-25723

Q: What is the CVSS score of EUVD-2026-25723?

EUVD-2026-25723 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-7053 HIGH

Classic Buffer Overflow (CWE-120)

2026-04-26 VulDB

Buffer Overflow Tenda

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 29, 2026 - 22:29 vuln.today

Public exploit code

Analysis Updated

Apr 26, 2026 - 22:31 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 26, 2026 - 22:22 vuln.today

cvss_changed

CVSS changed

Apr 26, 2026 - 22:22 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

Apr 26, 2026 - 17:00 vuln.today

EUVD ID Assigned

Apr 26, 2026 - 16:30 euvd

EUVD-2026-25723

Analysis Generated

Apr 26, 2026 - 16:30 vuln.today

CVE Published

Apr 26, 2026 - 16:00 nvd

HIGH 7.4

DescriptionNVD

A security flaw has been discovered in Tenda F456 1.0.0.5. This affects the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.

AnalysisAI

Buffer overflow in Tenda F456 router firmware version 1.0.0.5 enables authenticated remote attackers to achieve complete system compromise via crafted HTTP requests to the /goform/L7Prot endpoint. The vulnerability affects the frmL7ProtForm function in the httpd component, triggered by malicious 'page' parameter manipulation. …

RemediationAI

Within 24 hours: Identify all Tenda F456 routers running firmware 1.0.0.5 in your network inventory and isolate them from critical systems where possible. Within 7 days: Contact Tenda for patch availability status and timeline; implement network segmentation to restrict HTTP access to the /goform/L7Prot endpoint to trusted administrators only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-25723 vulnerability details – vuln.today

Back

Tenda F456 EUVD-2026-25723

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tenda F456 EUVD-2026-25723

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code