Cyber Resilience

CVE-2026-6196

Severity: High
Published: 13 April 2026
Modified: 22 April 2026
KEV added: no (not currently in the CISA KEV catalog)
CVSS v4.0 base score: 7.4 (High), CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P (remaining metrics not defined)
EPSS score: 0.0057 (43.0th percentile)
Risk priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-6196 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in the Tenda F456 router, firmware 1.0.0.5 (vendor and product inferred from the references and description, since NVD filed no CPE). Its CVSS v4.0 base score is 7.4 (High); the CVSS v3.1 base score is 8.8.

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 43.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-6196 is a stack-based buffer overflow affecting the Tenda F456 router on firmware version 1.0.0.5. The flaw is in the fromexeCommand function behind the /goform/exeCommand endpoint: a manipulated cmdinput argument overflows a fixed-size stack buffer. It is classified under CWE-119 and CWE-121, was published on 2026-04-13, and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Remote attackers holding low privileges (PR:L, for example an authenticated web-UI user) can exploit the flaw over the network with low attack complexity and no user interaction. A successful exploit has high impact on confidentiality, integrity and availability (C:H/I:H/A:H): disclosure of device data, modification of configuration or firmware, and denial of service, up to full compromise of the device.
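To make the CWE-121 pattern concrete, the following added example (not the Tenda F456 firmware's code, which this page does not reproduce) shows an unbounded copy of a request parameter into a fixed stack buffer beside a hardened handler that enforces the SI-10 length check before any copy. The buffer size CMD_BUF, the handler and helper names, and the minimal form-body lookup are all assumptions made for the illustration; the real fromexeCommand handler's buffer size and parsing are not published here.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed fixed stack-buffer size for the illustration. The real size in
 * the Tenda F456 fromexeCommand handler is not published on this page. */
#define CMD_BUF 64

/* Stand-in for whatever the real handler does with the command string;
 * it returns the length it received so the handlers below are testable. */
static int run_command_stub(const char *cmd)
{
    return (int)strlen(cmd);
}

/* Vulnerable pattern (CWE-121): an attacker-controlled length is copied
 * into a fixed-size stack buffer with no bounds check. A value of CMD_BUF
 * bytes or more overwrites the saved frame and return address. Only ever
 * call this with short, trusted input; it exists to show the pattern. */
int exe_command_vulnerable(const char *val, size_t len)
{
    char cmd[CMD_BUF];
    memcpy(cmd, val, len);   /* CWE-121: len is never compared to CMD_BUF */
    cmd[len] = '\0';
    return run_command_stub(cmd);
}

/* Hardened handler: validate the length before any copy (SI-10) and keep
 * the copy bounded so a later refactor cannot reintroduce the overflow.
 * Returns -1 when the argument is rejected. */
int exe_command_hardened(const char *val, size_t len)
{
    char cmd[CMD_BUF];
    if (val == NULL || len >= CMD_BUF)   /* must leave room for the NUL */
        return -1;
    memcpy(cmd, val, len);
    cmd[len] = '\0';
    return run_command_stub(cmd);
}

/* Minimal form-body lookup for "cmdinput=...", standing in for the web
 * server's argument lookup (hypothetical; no percent-decoding). Returns a
 * pointer into body and sets *len, or NULL if the parameter is absent. */
static const char *find_cmdinput(const char *body, size_t *len)
{
    static const char key[] = "cmdinput=";
    const char *p = body, *end;
    while ((p = strstr(p, key)) != NULL) {
        if (p == body || p[-1] == '&')
            break;                       /* whole key, not e.g. "xcmdinput=" */
        p++;
    }
    if (p == NULL)
        return NULL;
    p += sizeof key - 1;
    end = strchr(p, '&');
    *len = end ? (size_t)(end - p) : strlen(p);
    return p;
}

/* Request-level entry point: -2 if cmdinput is missing, -1 if rejected,
 * otherwise the length of the accepted command. */
int handle_exe_command_body(const char *body)
{
    size_t len;
    const char *val = find_cmdinput(body, &len);
    if (val == NULL)
        return -2;
    return exe_command_hardened(val, len);
}

/* Builds a constructed body "cmdinput=AAA...A&op=1" with n A's and runs it
 * through the hardened path; handy for checking the boundary. */
int hardened_result_for_length(size_t n)
{
    char *body = malloc(n + 32);
    int rc;
    if (body == NULL)
        return -3;
    memcpy(body, "cmdinput=", 9);
    memset(body + 9, 'A', n);
    strcpy(body + 9 + n, "&op=1");
    rc = handle_exe_command_body(body);
    free(body);
    return rc;
}

int main(void)
{
    printf("16 bytes   -> %d\n", hardened_result_for_length(16));    /* 16 */
    printf("63 bytes   -> %d\n", hardened_result_for_length(63));    /* 63 */
    printf("64 bytes   -> %d\n", hardened_result_for_length(64));    /* -1 */
    printf("4096 bytes -> %d\n", hardened_result_for_length(4096));  /* -1 */
    printf("no param   -> %d\n", handle_exe_command_body("op=1"));   /* -2 */
    return 0;
}
```

The boundary is the point to check in a code review: the hardened handler rejects exactly at CMD_BUF - 1 characters because the terminating NUL needs the last byte. Building the firmware with -fstack-protector-strong (the SI-16 side) would turn an overflow in exe_command_vulnerable into an abort rather than controlled execution, but it does not remove the flaw; only the length check does.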

VulDB (https://vuldb.com/vuln/357118) documents the issue and related CTI, and a public exploit is available on GitHub (https://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_113/README.md). Practitioners should check the vendor site (https://www.tenda.com.cn/) for firmware updates or mitigation guidance.

The exploit is public and may be used, which heightens the risk for unpatched Tenda F456 devices whose management interface is reachable from the internet. Note that the vector requires low privileges (PR:L), so an attacker still needs working credentials for the web interface; restricting that interface to the LAN and changing default credentials reduces exposure until a fixed firmware is available.

Vulnerability details

A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the argument cmdinput results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.

CWE(s)

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-121 Stack-based Buffer Overflow

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1210 Exploitation of Remote Services (Lateral Movement): Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Stack-based buffer overflow in public-facing web command execution endpoint (/goform/exeCommand) on network-exposed router enables remote exploitation of the application for initial access (T1190), remote service exploitation (T1210), and privilege escalation from low-priv authenticated user to full device compromise (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-7151 (shared CWE-119, CWE-121)
CVE-2026-3729 (shared CWE-119, CWE-121)
CVE-2026-4489 (shared CWE-119, CWE-121)
CVE-2026-6133 (shared CWE-119, CWE-121)
CVE-2026-4553 (shared CWE-119, CWE-121)
CVE-2026-2905 (shared CWE-119, CWE-121)
CVE-2026-5608 (shared CWE-119, CWE-121)
CVE-2026-6124 (shared CWE-119, CWE-121)
CVE-2026-2928 (shared CWE-119, CWE-121)
CVE-2026-2853 (shared CWE-119, CWE-121)

Affected Assets

Tenda F456 router, firmware 1.0.0.5
Inferred from references and description; NVD did not file a CPE for this CVE.

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): directly requires identifying, reporting, and correcting the stack-based buffer overflow in the Tenda F456 firmware's fromexeCommand handler behind /goform/exeCommand, i.e. applying a fixed firmware build once the vendor publishes one.

SI-10 Information Input Validation (prevent): mandates validation of the cmdinput argument (at minimum its length against the destination buffer) so that manipulated values are rejected before they reach the overflowing copy.

SI-16 Memory Protection (prevent): provides memory safeguards such as stack canaries and a non-executable stack that make the overflow harder to turn into code execution. These raise the cost of exploitation but do not remove the flaw.
