CVE 8.7 HIGH

Tenda F456 httpd PPTPUserSetting fromPPTPUserSetting buffer overflow_CVE-2026-7080

April 26, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the argument delno leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

AI Analysis

Buffer overflow vulnerability in Tenda F456 1.0.0.5, allowing remote attackers to exploit the fromPPTPUserSetting function in the httpd component.

Basic Information

ID CVE-2026-7080

Source VulDB

Published Apr 27, 2026 at 02:45

Affected Product

Vendor Tenda

Product F456

Version 1.0.0.5

Affected Versions Tenda F456 1.0.0.5

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product F456

Version 1.0.0.5

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the argument delno leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.",
    "published": "2026-04-27T02:45:12.275Z",
    "modified": "2026-04-27T02:45:12.275Z",
    "type": "cve",
    "title": "Tenda F456 httpd PPTPUserSetting fromPPTPUserSetting buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/359655\nhttps://vuldb.com/vuln/359655/cti\nhttps://vuldb.com/submit/798463\nhttps://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_132/README.md\nhttps://www.tenda.com.cn/",
    "id": "CVE-2026-7080",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda F456 1.0.0.5",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "F456",
    "version": "1.0.0.5",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow vulnerability in Tenda F456 1.0.0.5, allowing remote attackers to exploit the fromPPTPUserSetting function in the httpd component.",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "F456",
    "ai_version": "1.0.0.5",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply