CVE-2026-6197
Published: 13 April 2026
Summary
CVE-2026-6197 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in the Tenda F456 router (product inferred from references). Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 35.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-6197 is a stack-based buffer overflow vulnerability affecting the Tenda F456 router on firmware version 1.0.0.5. The flaw exists in the formWrlsafeset function within the /goform/AdvSetWrlsafeset file, where manipulation of the mit_ssid argument triggers the overflow. It is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability enables remote exploitation by attackers possessing low privileges, with low complexity and no requirement for user interaction. Successful exploitation can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution on the affected device.
Advisories and references, including VULDB entries (vuldb.com/vuln/357119) and a GitHub repository (github.com/Litengzheng/vuldb_new/blob/main/F456/vul_114/README.md), document the issue and confirm that a public exploit has been published and may be used. The vendor's site (tenda.com.cn) is listed, but no specific patch or mitigation details are provided in the available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-22057
Vulnerability details
A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Executing a manipulation of the argument mit_ssid can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
Related Threats
MITRE ATT&CK Enterprise Techniques
- Exploit Public-Facing Application (T1190)
Why these techniques?
Stack-based buffer overflow in the router's public-facing web interface (/goform/AdvSetWrlsafeset) directly enables remote exploitation of a public-facing application for arbitrary code execution.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): requires validation of the mit_ssid argument so that improperly handled input cannot trigger the stack-based buffer overflow.
- SI-2 (Flaw Remediation): mandates timely remediation of the identified buffer overflow flaw through firmware updates or patches for the Tenda F456 router.
- SI-16 (Memory Protection): implements memory protections such as stack canaries and address space layout randomization to limit the exploitability of the stack-based buffer overflow.
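As an added illustration of the SI-10 control above (example code written for this page, not Tenda's firmware or code from the referenced advisories): a bounded handler for the mit_ssid form parameter that rejects over-long values instead of copying them into a fixed stack buffer. The form-body layout, the function names and the use of the 32-octet 802.11 SSID limit as the bound are assumptions; the request bodies are constructed samples.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 802.11 SSIDs are at most 32 octets; keep one extra byte for the NUL terminator. */
#define SSID_MAX 32

/* Locate the value of `key` in a form-encoded body such as
 * "mit_ssid=MyNet&channel=6". Returns a pointer to the start of the value
 * (not NUL-terminated) and stores its length in *len, or NULL if absent. */
static const char *form_value(const char *body, const char *key, size_t *len) {
    size_t klen = strlen(key);
    for (const char *p = body; p != NULL && *p != '\0'; ) {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *v = p + klen + 1;
            const char *amp = strchr(v, '&');
            *len = amp ? (size_t)(amp - v) : strlen(v);
            return v;
        }
        p = strchr(p, '&');       /* advance to the next key=value pair */
        if (p != NULL) p++;
    }
    return NULL;
}

/* Hardened handling of mit_ssid (hypothetical; not the vendor's code).
 * The vulnerable pattern this stands in for copies the raw value into a
 * fixed stack buffer with no length check. Here the value is accepted only
 * if its length is in [1, SSID_MAX] and the copy is bounded by out_len.
 * Returns 0 on success, -1 for a missing/empty/over-long value or a small buffer. */
int set_ssid_from_form(const char *body, char *out, size_t out_len) {
    size_t vlen = 0;
    const char *v = form_value(body, "mit_ssid", &vlen);
    if (v == NULL || vlen == 0 || vlen > SSID_MAX || out_len < vlen + 1)
        return -1;                /* reject rather than overflow */
    memcpy(out, v, vlen);
    out[vlen] = '\0';
    return 0;
}

int main(void) {
    char ssid[SSID_MAX + 1];
    /* Constructed sample requests: one benign, one carrying an over-long SSID. */
    const char *ok_body  = "mit_ssid=HomeNet-5G&mit_key=secret";
    const char *bad_body = "mit_ssid=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&mit_key=x";
    printf("benign:    %d (%s)\n", set_ssid_from_form(ok_body, ssid, sizeof ssid), ssid);
    printf("over-long: %d\n", set_ssid_from_form(bad_body, ssid, sizeof ssid));
    return 0;
}
```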