Skip to content
CVSS 8.8 · HIGH

CVE-2026-7056

A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.

Ver en NVD

Análisis

This vulnerability affects the firmware of a specific Tenda router model (F456). The prompt explicitly identifies vendor-specific firmware for obscure or consumer networking hardware as not relevant to the community's core focus on software development and server operations.

Severidad

Puntaje: 8.8(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-119CWE-120

EPSS

Probabilidad de explotación (próx. 30 días): 0.0008 (0.1%)
Percentil: 24.0%
EPSS: 2026-05-06

Afecta

tenda:f456_firmwaretenda:f456

Descripción técnica

A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.

Publicada: 26/4/2026, 22:17:32
Última modificación: 29/4/2026, 22:18:32

Referencias

InicioEventosBlogRecursosEquipo