<0.1% probability · 23.3th percentile — 2026-05-12
Affected versions
Tenda F456 1.0.0.5
Summary
This is a remotely exploitable buffer overflow vulnerability in the httpd service of Tenda F456 firmware version 1.0.0.5. It occurs in the fromAdvSetWan function that handles requests to the /goform/AdvSetWan endpoint. Improper input handling of the wanmode argument leads to buffer overflow that can be abused by remote attackers.
Remediation
No official vendor patch has been released for this vulnerability as of now. Restrict access to the Tenda F456 management interface to only trusted IP addresses and internal networks. Consider replacing the unsupported affected device if no patch is published in a timely manner.
Exploit info
This exploit has been publicly disclosed, with references to this issue documented in trusted public vulnerability databases. You may check Exploit-DB or GitHub for potential exploit details.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.