Skip to content
CVSS 8.8 · HIGH

CVE-2026-7054

A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a manipulation of the argument opttype/usernamewith can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

View on NVD

Analysis

This is a buffer overflow in a specific model of Tenda consumer router firmware. The instructions explicitly list Tenda router firmware as an example of content that is not relevant to this developer community stack.

Severity

Score: 8.8(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-119CWE-120

EPSS

Probability of exploitation (next 30 days): 0.0008 (0.1%)
Percentile: 23.2%
EPSS: 2026-05-06

Affects

tenda:f456_firmwaretenda:f456

Technical description

A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a manipulation of the argument opttype/usernamewith can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

Published: 4/26/2026, 10:17:32 PM
Last modified: 4/29/2026, 10:28:40 PM

References

HomeEventsBlogResourcesTeam