Description
A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Published: 2026-04-27
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

This vulnerability is a classic buffer overflow in the httpd service of the Tenda F456 router. The flaw is in the fromWrlclientSet function, which handles the /goform/WrlclientSet endpoint. A crafted HTTP request can overflow internal buffers, allowing an attacker to execute arbitrary code or crash the process. With code execution, an attacker can compromise the router’s firmware, exfiltrate traffic, or use the device as a pivot for further attacks. The weakness is classified as CWE-119 and CWE-120. It threatens the confidentiality, integrity, and availability of the device and of any network traffic routed through it.

Affected Systems

Affected is the Tenda F456 router, firmware version 1.0.0.5. No other models or versions were explicitly listed.

Risk and Exploitability

The CVSS score of 8.7 rates this vulnerability as high severity. The EPSS score of under 1% suggests that, as of the current data, the probability of exploitation is low, and the vulnerability is not yet in CISA’s KEV list. However, the attack is remote and can be triggered via HTTP, making it reachable from the Internet. The CVSS vectors recorded for this CVE specify a network attack vector, low attack complexity, and low privileges required (AV:N/AC:L/PR:L). The buffer overflow allows arbitrary code execution, which is a critical risk to network security. Admins should weigh the high potential impact when deciding on remediation steps.

Generated by OpenCVE AI on April 28, 2026 at 04:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router to the latest firmware that patches the buffer overflow.
  • If no firmware update is available, disable or restrict access to the /goform/WrlclientSet endpoint by applying firewall rules or limiting the web management interface to the local network.
  • Monitor the router’s logs and network traffic for unusual patterns that could indicate exploitation attempts.


Advisories

No advisories yet.

History

Tue, 28 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda f456
Vendors & Products Tenda
Tenda f456

Mon, 27 Apr 2026 11:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 27 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Title Tenda F456 httpd WrlclientSet fromWrlclientSet buffer overflow
Weaknesses CWE-119
CWE-120
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-27T10:47:41.556Z

Reserved: 2026-04-26T09:00:03.109Z

Link: CVE-2026-7101

Vulnrichment

Updated: 2026-04-27T10:34:56.416Z

NVD

Status: Awaiting Analysis

Published: 2026-04-27T09:16:02.747

Modified: 2026-04-27T18:57:20.293

Link: CVE-2026-7101

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T04:45:22Z

Weaknesses