Skip to content
CVSS 8.8 · HIGH

CVE-2026-7099

A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument mit_linktype results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.

Ver en NVD

Análisis

This vulnerability affects specific Tenda router firmware and is not related to the software development or server infrastructure stack used by the community. While it is a high-severity remote buffer overflow with a public exploit, the impact is limited to users of this specific consumer hardware.

Severidad

Puntaje: 8.8(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-119CWE-120

EPSS

Probabilidad de explotación (próx. 30 días): 0.0008 (0.1%)
Percentil: 23.2%
EPSS: 2026-05-06

Afecta

tenda:f456_firmwaretenda:f456

Descripción técnica

A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument mit_linktype results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.

Publicada: 27/4/2026, 9:16:02
Última modificación: 30/4/2026, 14:04:00

Referencias

InicioEventosBlogRecursosEquipo