CVE-2026-7098
Remote Buffer Overflow in Tenda F456 httpd Component
Publication date: 2026-04-27
Last updated on: 2026-04-30
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | f456_firmware | 1.0.0.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The CVE-2026-7098 vulnerability affects the Tenda F456 router, version 1.0.0.5. It is a stack-based buffer overflow found in the httpd service, specifically within the fromDhcpListClient function. This function processes a user-supplied parameter named "page." The vulnerability arises because the variable derived from this parameter is passed to the sprintf function without any bounds checking, allowing an attacker to overflow the stack buffer.
An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the /goform/DhcpListClient endpoint with an excessively long "page" parameter. This causes the buffer overflow, which can lead to denial of service or remote code execution on the affected device.
How can this vulnerability impact me? :
This vulnerability can allow a remote attacker to compromise the affected Tenda F456 router by exploiting the unchecked buffer overflow in the HTTP daemon. The potential impacts include denial of service (DoS), which can disrupt network connectivity, or remote code execution (RCE), which could allow the attacker to take control of the device.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious HTTP POST requests sent to the endpoint /goform/DhcpListClient containing an excessively long "page" parameter.
A practical detection method is to capture network traffic and filter for POST requests targeting /goform/DhcpListClient with unusually large payloads in the "page" parameter.
- Use a network packet capture tool like tcpdump or Wireshark to monitor traffic on the network.
- Example tcpdump command to capture HTTP POST requests to the vulnerable endpoint: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -i 'POST /goform/DhcpListClient'
- Inspect captured HTTP POST data for the presence of a very large "page" parameter filled with repeated characters, which may indicate an exploit attempt.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint and preventing exploitation attempts by filtering or blocking malicious HTTP POST requests.
Specifically, you can implement firewall rules or web application firewall (WAF) policies to block or limit POST requests to /goform/DhcpListClient, especially those with unusually large "page" parameters.
Additionally, consider updating the device firmware if a patch is available or replacing the affected device with a secure version.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the CVE-2026-7098 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.