CVE-2026-7079

Name of the Vulnerable Software and Affected Versions Tenda F456 version 1.0.0.5

Description A buffer overflow exists in the httpd component, specifically within the fromAdvSetWan() function of the '/goform/AdvSetWan' endpoint. This issue allows a remote attacker to trigger the overflow by manipulating the wanmode argument. This endpoint is part of the WAN configuration handlers, which are critical as they are closely integrated with core connectivity logic.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/goform/AdvSetWan' endpoint to minimize the risk of exploitation.