CVE-2026-7101

Name of the Vulnerable Software and Affected Versions Tenda F456 version 1.0.0.5

Description A buffer overflow exists in the httpd component of the firmware. The issue occurs within the fromWrlclientSet() function located in the /goform/WrlclientSet file. Additionally, the formQuickIndex() function is susceptible to an out-of-bounds memory operation when processing the mit linktype parameter. A remote attacker can exploit these flaws by sending a specially crafted POST request to cause a denial of service or execute arbitrary code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.