CVE-2026-7101

8.8 HIGH

A vulnerability has been found in Tenda F456 1.0.0.5

Published: 2026-04-27 · Last updated: 2026-05-28

Severity and scoring

CVSS: 8.8 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-119, CWE-120

Affected products

Vendor	Product
tenda	f456_firmware

Description

A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-7101
[Exploit reference]https://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_139/README.md
[Other]https://vuldb.com/submit/798474
[Other]https://vuldb.com/vuln/359676
[Other]https://vuldb.com/vuln/359676/cti
[Other]https://www.tenda.com.cn/

Related CVEs

Same CWE

CVE-2026-12330 — Incorrect boundary conditions in the Internationalization component (5.4 MEDIUM)
CVE-2026-12329 — Memory safety bug fixed in Thunderbird ESR 140.12 (5.3 MEDIUM)
CVE-2026-12328 — Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151 (8.1 HIGH)
CVE-2026-12327 — Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151 (7.3 HIGH)
CVE-2026-12326 — Memory safety bugs present in Firefox 151 and Thunderbird 151 (7.3 HIGH)