Skip to content
CVSS 8.8 · HIGH

CVE-2026-7082

A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the argument Go can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.

Ver en NVD

Análisis

This is a buffer overflow in the firmware of a specific Tenda consumer router model. Per the editorial guidelines, vendor-specific firmware for obscure IoT or home networking gear is not relevant to the community stack and does not meet the threshold for publication.

Severidad

Puntaje: 8.8(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-119CWE-120

EPSS

Probabilidad de explotación (próx. 30 días): 0.0008 (0.1%)
Percentil: 23.2%
EPSS: 2026-05-06

Afecta

tenda:f456_firmwaretenda:f456

Descripción técnica

A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the argument Go can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.

Publicada: 27/4/2026, 4:16:09
Última modificación: 30/4/2026, 14:28:51

Referencias

InicioEventosBlogRecursosEquipo