CVE-2026-7056
Received Received - Intake
Remote Buffer Overflow in Tenda F456 httpd SafeUrlFilter

Publication date: 2026-04-26

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-26
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-27
EPSS Evaluated
2026-06-14
NVD
CVE-2026-7056
EUVD
EUVD-2026-25726
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tenda f456_firmware 1.0.0.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Tenda F456 router firmware version 1.0.0.5, specifically in the function fromSafeUrlFilter within the /goform/SafeUrlFilter component of the httpd service.

The issue arises due to improper handling of the 'page' argument, which can be manipulated to cause a buffer overflow.

An attacker can exploit this vulnerability remotely, and the exploit code is publicly available.

Impact Analysis

Exploitation of this vulnerability can lead to a buffer overflow, which may allow an attacker to execute arbitrary code or cause a denial of service on the affected device.

Since the attack can be performed remotely, it poses a significant security risk to the network and devices connected to the vulnerable router.

The CVSS scores indicate a high severity, with potential impacts on confidentiality, integrity, and availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7056. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart