Tenda F456 Firmware vulnerabilities

CVE-2026-7029 [HIGH] CWE-119 CVE-2026-7029: A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddre A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddressNat of the file /goform/addressNat. Executing a manipulation of the argument menufacturer/Go can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

CVE-2026-7057 [HIGH] CWE-119 CVE-2026-7057: A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used.