Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.
AnalysisAI
Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to execute arbitrary code or crash the device via crafted HTTP requests to the /goform/Natlimit endpoint. Public exploit code exists on GitHub (Litengzheng/vuldb_new), demonstrating practical exploitability. EPSS data unavailable, but with POC published and AV:N/AC:L indicating straightforward network exploitation, this poses significant risk to internet-exposed router management interfaces with weak or default credentials.
Technical ContextAI
The vulnerability resides in the httpd component of Tenda F456 router firmware, specifically within the fromNatlimit function that handles requests to the /goform/Natlimit endpoint. This is classified as CWE-119 (Improper Restriction on Operations within Bounds of Memory Buffer), indicating insufficient input validation before copying user-controlled data into fixed-size buffers. Embedded web servers in SOHO routers frequently suffer from such issues due to limited memory protection mechanisms and lack of modern compiler mitigations like stack canaries or ASLR. The /goform/ path pattern is characteristic of Tenda's router management interface, where form handlers directly process CGI-style parameters without adequate boundary checks.
RemediationAI
No vendor-released patch identified at time of analysis - Tenda has not published security advisories or firmware updates addressing CVE-2026-7100 on their official website. Until patched firmware becomes available, implement network-level compensating controls: (1) Disable remote management access to the router's web interface from WAN/internet side, restricting admin access to LAN-only (check router settings under Remote Management or similar). Trade-off: prevents legitimate remote administration. (2) Change default administrator credentials to strong unique passwords (20+ characters, mixed case/numbers/symbols). Trade-off: increases support complexity but essential baseline control. (3) Place router management interface behind VPN access if remote administration is required. Trade-off: adds infrastructure complexity. (4) Monitor for unusual authentication attempts or POST requests to /goform/* endpoints in router logs. Trade-off: limited logging capability on consumer routers. Consider replacing device with actively supported router model from vendors with established security response programs.
Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. Rated high sev
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attacke
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication
Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Rated critic
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via
Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan. Rated critical severity (CV
Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. Rated critical se
Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp. Rate
Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /
In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWp
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25800