Cyber Resilience

CVE-2026-7033

HighPublic PoC

Published: 26 April 2026

Published
26 April 2026
Modified
29 April 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0075 50.2th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-7033 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda F456 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 49.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-7033 is a buffer overflow vulnerability in Tenda F456 routers running firmware version 1.0.0.5. The flaw affects the fromSafeClientFilter function in the /goform/SafeClientFilter file, where manipulation of the "menufacturer/Go" argument triggers the overflow. Published on 2026-04-26, it is rated 8.8 on the CVSS v3.1 scale (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-119 and CWE-120.

The vulnerability enables remote exploitation by an attacker possessing low privileges, requiring no user interaction and low attack complexity. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, potentially allowing arbitrary code execution on the affected device.

Advisories and references include a GitHub repository at https://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_123/README.md detailing the exploit, which has been publicly disclosed and may be used, along with VulDB submissions and vulnerability pages at https://vuldb.com/submit/798454, https://vuldb.com/vuln/359613, and https://vuldb.com/vuln/359613/cti. The Tenda manufacturer site is available at https://www.tenda.com.cn/.

EU & UK References

Vulnerability details

A vulnerability has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Such manipulation of the argument menufacturer/Go leads to buffer overflow. The attack can be launched remotely. The exploit has…

more

been disclosed to the public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in public-facing web interface (/goform/SafeClientFilter) on Tenda router enables remote code execution with low privileges and no user interaction, directly facilitating T1190.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-7055Same product: Tenda F456
CVE-2026-7057Same product: Tenda F456
CVE-2026-7098Same product: Tenda F456
CVE-2026-7053Same product: Tenda F456
CVE-2026-7097Same product: Tenda F456
CVE-2026-7080Same product: Tenda F456
CVE-2026-7031Same product: Tenda F456
CVE-2026-7082Same product: Tenda F456
CVE-2026-7101Same product: Tenda F456
CVE-2026-7019Same product: Tenda F456

Affected Assets

tenda
f456 firmware
1.0.0.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the buffer overflow by requiring timely installation of firmware patches or mitigations for the fromSafeClientFilter function vulnerability.

prevent

Prevents the buffer overflow by enforcing validation and sanitization of the 'menufacturer/Go' argument in the /goform/SafeClientFilter endpoint.

prevent

Mitigates exploitation of the buffer overflow through memory protections like non-executable stacks and address randomization on the router firmware.

References