CVE 8.7 HIGH

Tenda F456 httpd PPTPDClient fromPptpUserAdd buffer overflow_CVE-2026-7054

April 26, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a manipulation of the argument opttype/usernamewith can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

AI Analysis

Buffer overflow vulnerability in Tenda F456's httpd PPTPDClient component

Basic Information

ID CVE-2026-7054

Source VulDB

Published Apr 26, 2026 at 16:45

Affected Product

Vendor Tenda

Product F456

Version 1.0.0.5

Affected Versions Tenda F456 1.0.0.5

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product F456

Version 1.0.0.5

References

{
    "lastseen": "",
    "description": "A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a manipulation of the argument opttype/usernamewith can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.",
    "published": "2026-04-26T16:45:12.153Z",
    "modified": "2026-04-26T16:45:12.153Z",
    "type": "cve",
    "title": "Tenda F456 httpd PPTPDClient fromPptpUserAdd buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/359627\nhttps://vuldb.com/vuln/359627/cti\nhttps://vuldb.com/submit/798456\nhttps://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_125/README.md\nhttps://www.tenda.com.cn/",
    "id": "CVE-2026-7054",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda F456 1.0.0.5",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "F456",
    "version": "1.0.0.5",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow vulnerability in Tenda F456's httpd PPTPDClient component",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "F456",
    "ai_version": "1.0.0.5",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply