CVE-2026-7101
Published: 27 April 2026
Summary
CVE-2026-7101 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda F456 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 36.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 requires timely remediation of identified flaws like this buffer overflow by applying vendor firmware patches to eliminate the vulnerability.
SI-10 enforces input validation at the httpd /goform/WrlclientSet endpoint to block malformed inputs that trigger the buffer overflow.
SI-16 implements memory protections such as DEP and ASLR to mitigate arbitrary code execution from successful buffer overflow exploitation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a buffer overflow in the web server (httpd) of a public-facing router, enabling remote code execution via exploitation of a public-facing application.
NVD Description
A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Deeper analysis
CVE-2026-7101 is a buffer overflow vulnerability (CWE-119, CWE-120) discovered in Tenda F456 routers running firmware version 1.0.0.5. The issue resides in the fromWrlclientSet function within the /goform/WrlclientSet file of the httpd component. Published on 2026-04-27, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), highlighting its high severity due to remote exploitability.
Attackers with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Manipulating the affected function triggers the buffer overflow, with potentially high impact on confidentiality, integrity, and availability, such as arbitrary code execution on the device.
Advisories and details are available via VulDB entries (vuldb.com/vuln/359676 and related pages), a GitHub repository (github.com/Litengzheng/vuldb_new/blob/main/F456/vul_139/README.md) disclosing the exploit, and the Tenda vendor site (tenda.com.cn). The exploit has been publicly released and may be actively used.
The vulnerability's public exploit disclosure elevates the risk for unpatched Tenda F456 devices exposed to the internet.
Details
- CWE(s)