Description
A security flaw has been discovered in Tenda F456 1.0.0.5. This affects the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
References (5)
Core 5
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-359626 | Tenda F456 httpd L7Prot frmL7ProtForm buffer overflow
https://vuldb.com/vuln/359626
Signature, Permissions Required signature
permissions-required
VDB-359626 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/359626/cti
Third Party Advisory third-party-advisory
Submit #798455 | Tenda F456 v1.0.0.5 Stack-based Buffer Overflow
https://vuldb.com/submit/798455
Product product
https://www.tenda.com.cn/
Scores
CVSS v3
8.8
EPSS
0.0062
EPSS Percentile
44.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-119
CWE-120
Status
published
Products (2)
Tenda/F456
1.0.0.5
tenda/f456_firmware
1.0.0.5
Published
Apr 26, 2026
Tracked Since
Apr 26, 2026