CVE•Published 2026-04-27•Modified 2026-04-30•1 article on news•7 live references•NVD data

CVE-2026-7100Tenda · F456_firmware

Vulnerability data via NVD (ingested)

CVSS v3.1

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS percentile

Exploit Prediction Scoring System · top 86% of all CVEs

Weaknesses (CWE)

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Description

A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.

Timeline

Published 2026-04-27

Modified 2026-04-30

External references

NVD MITRE Exploit-DB GitHub PoC Sploitus trickest/cve VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2026-7100

Hosts Shodan has explicitly fingerprinted as vulnerable.

Shodan · OS

os:"F456 Firmware"

Hosts Shodan identified as running F456 Firmware.

More intel sources (5)

Shodan report

vuln:CVE-2026-7100

Country / ASN / product breakdown for the vuln query.

Censys

vulnerabilities.cve_id: CVE-2026-7100