CVE-2026-7098

HIGH CVSS 8.8 View on NVD ↗

Description

A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

https://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_136/README.md
https://vuldb.com/submit/798471
https://vuldb.com/vuln/359673
https://vuldb.com/vuln/359673/cti
https://www.tenda.com.cn/

Published: Apr 27, 2026 09:16 UTC Modified: Apr 27, 2026 18:57 UTC