Tenda F456 addressNat fromaddressNat buffer overflow

A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddressNat of the file /goform/addressNat. Executing a manipulation of the argument menufacturer/Go can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

Problem type

Affected products

Tenda

F456

1.0.0.5 - AFFECTED

References

VDB-359609 | Tenda F456 addressNat fromaddressNat buffer overflow

https://vuldb.com/vuln/359609

vdb-entrytechnical-description

VDB-359609 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/vuln/359609/cti

signaturepermissions-required

Submit #798450 | Tenda F456 v1.0.0.5 Stack-based Buffer Overflow

https://vuldb.com/submit/798450

third-party-advisory

github.com

https://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_119/README.md

exploit

tenda.com.cn

https://www.tenda.com.cn/

product

GitHub Security Advisories

GHSA-cppf-3jw8-2ff6

A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function...

https://github.com/advisories/GHSA-cppf-3jw8-2ff6

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-7029

github.com

https://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_119/README.md

vuldb.com

https://vuldb.com/submit/798450

vuldb.com

https://vuldb.com/vuln/359609

vuldb.com

https://vuldb.com/vuln/359609/cti

tenda.com.cn

https://www.tenda.com.cn

github.com

https://github.com/advisories/GHSA-cppf-3jw8-2ff6

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-7029

Click to expand

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-7029",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-04-26T09:00:20.112Z",
    "dateReserved": "2026-04-25T14:20:44.606Z",
    "datePublished": "2026-04-26T09:00:20.112Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-04-26T09:00:20.112Z"
      },
      "title": "Tenda F456 addressNat fromaddressNat buffer overflow",
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddressNat of the file /goform/addressNat. Executing a manipulation of the argument menufacturer/Go can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks."
        }
      ],
      "affected": [
        {
          "vendor": "Tenda",
          "product": "F456",
          "versions": [
            {
              "version": "1.0.0.5",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Buffer Overflow",
              "cweId": "CWE-120",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Memory Corruption",
              "cweId": "CWE-119",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/vuln/359609",
          "name": "VDB-359609 | Tenda F456 addressNat fromaddressNat buffer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/vuln/359609/cti",
          "name": "VDB-359609 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/submit/798450",
          "name": "Submit #798450 | Tenda F456 v1.0.0.5 Stack-based Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/Litengzheng/vuldb_new/blob/main/F456/vul_119/README.md",
          "tags": [
            "exploit"
          ]
        },
        {
          "url": "https://www.tenda.com.cn/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "baseScore": 9
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-04-25T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-04-25T02:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-04-25T16:26:03.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "LtzHust2 (VulDB User)",
          "type": "reporter"
        }
      ]
    }
  }
}