Tenda F456 vulnerabilities

CVE-2026-6199 [HIGH] CWE-119 CVE-2026-6199: A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used.

CVE-2026-6198 [HIGH] CWE-119 CVE-2026-6198: A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticS A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2026-6197 [HIGH] CWE-119 CVE-2026-6197: A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the function formWrlsafeset A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Executing a manipulation of the argument mit_ssid can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.

CVE-2026-6196 [HIGH] CWE-119 CVE-2026-6196: A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the argument cmdinput results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.

CVE-2026-6200 [HIGH] CWE-119 CVE-2026-6200: A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebty A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebtypelibrary of the file /goform/webtypelibrary. This manipulation of the argument menufacturer/Go causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.