Cyber Resilience

CVE-2026-6198

High

Published: 13 April 2026

Published
13 April 2026
Modified
22 April 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0045 35.6th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-6198 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Com (inferred from references). Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 35.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-6198 is a stack-based buffer overflow vulnerability (CWE-119, CWE-121) affecting Tenda F456 routers on firmware version 1.0.0.5. The flaw exists in the fromNatStaticSetting function processed via the /goform/NatStaticSetting endpoint, where manipulation of the "page" argument triggers the overflow.

Remote attackers with low privileges can exploit this vulnerability with low complexity and no user interaction, as indicated by its CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, potentially resulting in arbitrary code execution on the affected device.

Advisories and additional details are documented on VulDB (including submission and CTI entries) and a GitHub repository containing the publicly disclosed exploit. The Tenda vendor website provides a potential source for firmware updates or mitigation guidance.

The exploit has been disclosed to the public and may be used in active attacks.

EU & UK References

Vulnerability details

A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit…

more

has been disclosed to the public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The stack-based buffer overflow in the public-facing web endpoint (/goform/NatStaticSetting) on the router directly enables remote exploitation of a public-facing application (T1190) and exploitation for privilege escalation, as low-privilege access leads to arbitrary code execution with high impact on C/I/A (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-3729Shared CWE-119, CWE-121
CVE-2026-4489Shared CWE-119, CWE-121
CVE-2026-6133Shared CWE-119, CWE-121
CVE-2026-4553Shared CWE-119, CWE-121
CVE-2026-2905Shared CWE-119, CWE-121
CVE-2026-5608Shared CWE-119, CWE-121
CVE-2026-6124Shared CWE-119, CWE-121
CVE-2026-2928Shared CWE-119, CWE-121
CVE-2026-2853Shared CWE-119, CWE-121
CVE-2026-2885Shared CWE-119, CWE-121

Affected Assets

Com
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 requires timely identification, reporting, and correction of system flaws like this stack-based buffer overflow via firmware updates.

prevent

SI-10 enforces input validation on the 'page' argument in the /goform/NatStaticSetting endpoint to prevent the buffer overflow manipulation.

prevent

SI-16 implements memory protections such as stack canaries to thwart exploitation of the stack-based buffer overflow even if triggered.

References