<0.1% probability · 23.3th percentile — 2026-05-12
Affected versions
Tenda F456 1.0.0.5
Summary
This is a buffer overflow vulnerability in the httpd management service of widely deployed Tenda F456 consumer routers. The flaw exists in the fromSetIpBind function handling requests to the /goform/SetIpBind endpoint. Attackers can exploit this vulnerability remotely to execute arbitrary code or trigger a denial of service on the affected device.
Remediation
Check for official firmware updates from Tenda and apply any available security patches immediately. If no patch is available, restrict access to the httpd management interface to only trusted IP addresses. Disable remote management functionality if it is not required.
Exploit info
This exploit has been publicly disclosed, with references to this issue documented in trusted public vulnerability databases. You may check Exploit-DB or GitHub for potential exploit details.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.