CVE-2026-7078: Tenda F456 Router Buffer Overflow Exposes Networks

/HIGH /CVSS 8.8/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitybuffer-overflowcwe-119cwe-120
CVE-2026-7078: Tenda F456 Router Buffer Overflow Exposes Networks

The National Vulnerability Database has disclosed CVE-2026-7078, a high-severity buffer overflow vulnerability in the Tenda F456 router, specifically version 1.0.0.5. This flaw resides within the fromSetIpBind function of the /goform/SetIpBind component, accessible via the httpd service. Manipulation of the page argument can lead to remote code execution.

Rated with a CVSSv3.1 score of 8.8 (High), this vulnerability is critical because it allows unauthenticated remote attackers to trigger the buffer overflow. The exploit has been publicly released, meaning the window between disclosure and active exploitation is effectively zero. Attackers can leverage this to gain full control over affected devices, pivot into internal networks, and establish persistence.

This isn’t just about router compromise; it’s about network perimeter collapse. Tenda devices are common in SMBs and home offices. A compromised router becomes a launchpad for further attacks, data exfiltration, or even a botnet node. Defenders must assume that any unpatched Tenda F456 1.0.0.5 router is already compromised or will be soon.

What This Means For You

  • If your organization or remote workforce uses Tenda F456 1.0.0.5 routers, you need to isolate and patch them immediately. If no patch is available, replace them. This is a critical perimeter vulnerability with public exploits. Assume compromise and hunt for abnormal outbound connections or unauthorized access attempts from these devices.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1200 Hardware Additions Persistence

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

CVE-2026-7078: Tenda F456 Router SetIpBind Buffer Overflow Attempt

Sigma YAML — free preview 
title: CVE-2026-7078: Tenda F456 Router SetIpBind Buffer Overflow Attempt
id: scw-2026-04-27-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit CVE-2026-7078 by targeting the SetIpBind function in Tenda F456 routers. The exploit involves sending a POST request to '/goform/SetIpBind' with a manipulated 'page' parameter, leading to a buffer overflow. This rule specifically looks for the vulnerable URI and the presence of the 'page=' argument in the query string, indicating a potential exploit attempt.
author: SCW Feed Engine (AI-generated)
date: 2026-04-27
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7078/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
detection:
  selection:
      cs-uri: '/goform/SetIpBind'
      cs-method: 'POST'
      cs-uri-query|contains:
          - 'page='
  selection_base:
      EventType: 'webserver-access'
  condition: selection_base AND selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-7078 Buffer Overflow Tenda F456 version 1.0.0.5
CVE-2026-7078 Buffer Overflow Vulnerable component: httpd
CVE-2026-7078 Buffer Overflow Vulnerable function: fromSetIpBind in /goform/SetIpBind
CVE-2026-7078 Buffer Overflow Manipulation of argument 'page'

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 27, 2026 at 06:15 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-7085 — The Function Z.Url Of The File Src/Routes/Setting/About/Down Path Traversal

CVE-2026-7085 — A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component...

vulnerabilityCVEmedium-severitypath-traversalcwe-22
/SCW Vulnerability Desk /MEDIUM /5 /⚑ 2 IOCs /⚙ 3 Sigma

CVE-2026-7084 — HBAI-Ltd Toonflow-App Server-Side Request Forgery

CVE-2026-7084 — A vulnerability was found in HBAI-Ltd Toonflow-app up to 1.1.1. This affects the function fetch of the file src/routes/setting/vendorConfig/getCodeByLink.ts of the component getCodeByLink...

vulnerabilityCVEmedium-severityserver-side-request-forgerycwe-918
/SCW Vulnerability Desk /MEDIUM /6.3 /⚑ 2 IOCs /⚙ 3 Sigma

CVE-2026-7083 — Likeadmin-Likeshop Likeadmin_php SQL Injection

CVE-2026-7083 — A vulnerability has been found in likeadmin-likeshop likeadmin_php up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php...

vulnerabilityCVEmedium-severitysql-injectioncwe-74cwe-89
/SCW Vulnerability Desk /MEDIUM /4.7 /⚑ 3 IOCs /⚙ 3 Sigma