CVE-2026-7029

HighPublic PoC

Published: 26 April 2026

Published

26 April 2026

Modified

30 April 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0008 23.2th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Security Summary

CVE-2026-7029 is a buffer overflow vulnerability affecting the Tenda F456 router running firmware version 1.0.0.5. The issue resides in the fromaddressNat function within the /goform/addressNat file, where manipulation of the menufacturer/Go argument triggers the overflow. Classified under CWE-119 and CWE-120, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for remote exploitation.

An attacker with low privileges can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation allows arbitrary code execution, potentially granting high-impact confidentiality, integrity, and availability compromises, such as full device takeover.

Advisories referenced in VulDB entries (vuln/359609 and related pages) document the issue and a public exploit submission, while a GitHub repository provides a proof-of-concept in its README.md. The vendor's site (tenda.com.cn) is listed but offers no specific patch details in the provided references.

The exploit has been publicly disclosed and could be used in attacks, heightening risk for unpatched Tenda F456 devices.

Details

CWE(s): CWE-119CWE-120

Affected Products

tenda

f456 firmware

1.0.0.5

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Buffer overflow in web interface (/goform/addressNat) enables remote exploitation of public-facing application (T1190) and privilege escalation from low privileges (PR:L) to arbitrary code execution and full device takeover (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_119/README.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/submit/798450
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/vuln/359609
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/vuln/359609/cti
Permissions Required, VDB Entry · cna@vuldb.com
https://www.tenda.com.cn/
Product · cna@vuldb.com