Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
8DescriptionCVE.org
A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
AnalysisAI
Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to compromise the device via buffer overflow in the httpd web management interface. Exploitation requires low-privilege credentials but enables complete device takeover (CVSS 7.4). A public proof-of-concept exploit exists on GitHub, significantly lowering the barrier to active exploitation despite requiring authentication.
Technical ContextAI
This vulnerability affects the httpd web server component of Tenda F456 wireless router firmware version 1.0.0.5 (cpe:2.3:a:tenda:f456:*:*:*:*:*:*:*:*). The flaw is a classic buffer overflow (CWE-120) in the fromwebExcptypemanFilter function within the /goform/webExcptypemanFilter endpoint. When processing the 'page' parameter, insufficient bounds checking allows an attacker to write beyond allocated memory boundaries. Buffer overflows in embedded device web interfaces commonly occur in C-based httpd implementations where unsafe string functions (strcpy, sprintf) are used without input validation. On MIPS or ARM-based routers like Tenda devices, successful exploitation typically overwrites return addresses on the stack to redirect execution flow, achieving arbitrary code execution with the privileges of the httpd process (usually root on consumer routers).
RemediationAI
Check Tenda's official support portal (https://www.tenda.com.cn/) for firmware updates newer than 1.0.0.5 that address CVE-2026-7097, though no vendor-released patch version is confirmed in available intelligence at time of analysis. Until patching is confirmed available, implement network-level compensating controls: (1) Disable remote web management access entirely and restrict httpd to LAN-only access via firewall rules on the WAN interface - this eliminates the AV:N attack vector but prevents legitimate remote administration; (2) Change default administrative credentials to complex unique passwords (16+ characters) to mitigate credential-based access, though this only raises attacker cost rather than eliminating the vulnerability; (3) Place the router behind a properly configured firewall/UTM that can block exploitation attempts, though this requires DPI capabilities to inspect /goform/ POST requests; (4) Segment the network so router compromise does not grant access to critical assets. If remote management is business-critical, consider replacing the device with enterprise-grade equipment that receives timely security updates. The public exploit code (https://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_135/README.md) should be reviewed to understand specific attack patterns for WAF rule development.
Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. Rated high sev
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attacke
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication
Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Rated critic
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via
Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan. Rated critical severity (CV
Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. Rated critical se
Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp. Rate
Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /
In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWp
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25788