CVE-2026-7056

Description

A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.

PUBLISHED Reserved 2026-04-26 | Published 2026-04-26 | Updated 2026-04-27 | Assigner VulDB

Problem types

Buffer Overflow

Memory Corruption

Product status

Timeline

Credits

LtzHust (VulDB User) reporter

References

vuldb.com/vuln/359629 (VDB-359629 | Tenda F456 httpd SafeUrlFilter fromSafeUrlFilter buffer overflow) vdb-entry technical-description

vuldb.com/vuln/359629/cti (VDB-359629 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/submit/798458 (Submit #798458 | Tenda F456 v1.0.0.5 Stack-based Buffer Overflow) third-party-advisory

vuldb.com/submit/798462 (Submit #798462 | Tenda F456 v1.0.0.5 Stack-based Buffer Overflow (Duplicate)) third-party-advisory

github.com/...eng/vuldb_new/blob/main/F456/vul_127/README.md exploit

www.tenda.com.cn/ product

cve.org (CVE-2026-7056)

nvd.nist.gov (CVE-2026-7056)

Download JSON