Tenda F456 Router Vulnerability: Remote Buffer Overflow (CVE-2026-7097)

/HIGH /CVSS 8.8/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitybuffer-overflowcwe-119cwe-120
Tenda F456 Router Vulnerability: Remote Buffer Overflow (CVE-2026-7097)

A critical buffer overflow vulnerability, identified as CVE-2026-7097, has been discovered in Tenda F456 1.0.0.5 routers. According to the National Vulnerability Database, this flaw resides in the fromwebExcptypemanFilter function within the /goform/webExcptypemanFilter component of the httpd service. Manipulating the page argument can trigger the overflow, leading to severe consequences.

The National Vulnerability Database assesses this vulnerability with a CVSS v3.1 score of 8.8 (HIGH), indicating a significant risk. The attack vector is network-based, requires low privileges, and does not necessitate user interaction, making it highly attractive for attackers. Both confidentiality and integrity are heavily impacted, along with availability.

Crucially, exploit code for CVE-2026-7097 has been made publicly available. This immediately elevates the threat level, as it lowers the bar for less sophisticated attackers to weaponize the vulnerability. Organizations and individuals using affected Tenda F456 routers are now exposed to direct, remote exploitation.

What This Means For You

  • If your organization or home network relies on a Tenda F456 1.0.0.5 router, you are directly exposed to CVE-2026-7097. Given the public availability of exploit code, assume active targeting. Immediately identify these devices within your environment and implement network segmentation to isolate them. If a patch isn't available, consider replacing the device or implementing stringent access controls to the router's administration interface, limiting it to trusted internal networks only.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1200 Hardware Additions Persistence

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

CVE-2026-7097 - Tenda F456 Remote Buffer Overflow via webExcptypemanFilter

Sigma YAML — free preview 
title: CVE-2026-7097 - Tenda F456 Remote Buffer Overflow via webExcptypemanFilter
id: scw-2026-04-27-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit CVE-2026-7097 by targeting the vulnerable '/goform/webExcptypemanFilter' endpoint on Tenda F456 routers. The exploit involves sending a POST request with a 'page=' parameter that triggers a buffer overflow. This rule specifically looks for the vulnerable URI path and the presence of the 'page=' parameter in the query string, indicating a potential exploit attempt.
author: SCW Feed Engine (AI-generated)
date: 2026-04-27
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7097/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
detection:
  selection:
      cs-uri|contains:
          - '/goform/webExcptypemanFilter'
      cs-uri-query|contains:
          - 'page='
  selection_base:
      cs-method:
          - 'POST'
  condition: selection AND selection_base
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-7097 Buffer Overflow Tenda F456 1.0.0.5
CVE-2026-7097 Buffer Overflow Vulnerable function: fromwebExcptypemanFilter
CVE-2026-7097 Buffer Overflow Vulnerable file: /goform/webExcptypemanFilter
CVE-2026-7097 Buffer Overflow Vulnerable component: httpd
CVE-2026-7097 Buffer Overflow Vulnerable argument: page

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 27, 2026 at 11:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-7108 — Code-Projects Invoice System In Laravel Vulnerability

CVE-2026-7108 — A security vulnerability has been detected in code-projects Invoice System in Laravel 1.0. This affects an unknown function. Such manipulation leads to cross-site...

vulnerabilityCVEmedium-severitycwe-352cwe-862
/SCW Vulnerability Desk /MEDIUM /4.3 /⚑ 3 IOCs /⚙ 2 Sigma

CVE-2026-7107 — Unrestricted File Upload

CVE-2026-7107 — A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company....

vulnerabilityCVEmedium-severityunrestricted-file-uploadcwe-284cwe-434
/SCW Vulnerability Desk /MEDIUM /6.3 /⚑ 3 IOCs /⚙ 3 Sigma

CVE-2026-7102 — Tenda F456 Command Injection

CVE-2026-7102 — A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation...

vulnerabilityCVEmedium-severitycommand-injectioncwe-74cwe-77
/SCW Vulnerability Desk /MEDIUM /6.3 /⚑ 3 IOCs /⚙ 2 Sigma