CVE-2026-6199
published 2026-04-13CVE-2026-6199: A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page…
PriorityP265high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.47%
37.3th percentile
A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tenda | f456 | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.07.4HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Tenda F456 1.0.0.5 /goform/qossetting fromqossetting page stack-based overflow
vuldb·2026-04-13·CVSS 7.4
CVE-2026-6199 [HIGH] Tenda F456 1.0.0.5 /goform/qossetting fromqossetting page stack-based overflow
A vulnerability categorized as critical has been discovered in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in stack-based buffer overflow.
This vulnerability is known as CVE-2026-6199. It is possible to launch the attack remotely. Furthermore, an exploit is available.
GHSA
GHSA-8977-93px-wpcg: A vulnerability was found in Tenda F456 1
ghsa_unreviewed·2026-04-13
CVE-2026-6199 [HIGH] CWE-119 GHSA-8977-93px-wpcg: A vulnerability was found in Tenda F456 1
A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-13
Published