<0.1% probability · 23.3th percentile — 2026-05-12
Affected versions
Tenda F456 1.0.0.5
Summary
This is a remotely exploitable buffer overflow vulnerability affecting the httpd service of Tenda F456 firmware 1.0.0.5. The issue exists in the fromPPTPUserSetting function that processes requests to the /goform/PPTPUserSetting endpoint. Malicious manipulation of the delno input argument triggers an out-of-bounds buffer overflow.
Remediation
No official security patch is currently available from Tenda for this flaw. Limit network access to the affected device's management interface to trusted parties only. Watch for official security updates from the vendor and apply updates immediately if they are released.
Exploit info
This exploit has been publicly disclosed, with references to this issue documented in trusted public vulnerability databases. You may check Exploit-DB or GitHub for potential exploit details.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.