Cyber Posture

CVE-2026-7101

High · Public PoC

Published: 27 April 2026

Modified: 29 April 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0016 (36.3th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

Mitigating Controls (NIST 800-53 r5) AI

Prevent: SI-2 requires timely remediation of identified flaws like this buffer overflow by applying vendor firmware patches to eliminate the vulnerability.

Prevent: SI-10 enforces input validation at the httpd /goform/WrlclientSet endpoint to block malformed inputs that trigger the buffer overflow.

Prevent: SI-16 implements memory protections such as DEP and ASLR to mitigate arbitrary code execution from successful buffer overflow exploitation.

Security Summary AI

CVE-2026-7101 is a buffer overflow vulnerability (CWE-119, CWE-120) discovered in Tenda F456 routers running firmware version 1.0.0.5. The issue resides in the fromWrlclientSet function within the /goform/WrlclientSet file of the httpd component. Published on 2026-04-27, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), highlighting its high severity due to remote exploitability.

Attackers with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction required (UI:N). Manipulation of the affected function triggers the buffer overflow, with potentially high impact on confidentiality, integrity, and availability, such as arbitrary code execution on the device.

Advisories and details are available via VulDB entries (vuldb.com/vuln/359676 and related pages), a GitHub repository (github.com/Litengzheng/vuldb_new/blob/main/F456/vul_139/README.md) disclosing the exploit, and the Tenda vendor site (tenda.com.cn). The exploit has been publicly released and may be actively used.

The vulnerability's public exploit disclosure elevates the risk for unpatched Tenda F456 devices exposed to the internet.

Details

CWE(s)

Affected Products

tenda
f456 firmware
1.0.0.5

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a buffer overflow in the web server (httpd) of a public-facing router, enabling remote code execution via exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References