Skip to content
CVSS 8.8 · HIGH

CVE-2026-7056

A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.

View on NVD

Analysis

This vulnerability affects the firmware of a specific Tenda router model (F456). The prompt explicitly identifies vendor-specific firmware for obscure or consumer networking hardware as not relevant to the community's core focus on software development and server operations.

Severity

Score: 8.8(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-119CWE-120

EPSS

Probability of exploitation (next 30 days): 0.0008 (0.1%)
Percentile: 24.0%
EPSS: 2026-05-06

Affects

tenda:f456_firmwaretenda:f456

Technical description

A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.

Published: 4/26/2026, 10:17:32 PM
Last modified: 4/29/2026, 10:18:32 PM

References

HomeEventsBlogResourcesTeam