Handler on Duty: Didier Stevens
Threat Level: green
| Published | 2026-05-24 15:16:28 |
|---|---|
| Last Modified | 2026-05-24 15:16:28 |
| AKA | CVE-2026-9389 |
| Summary | A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. |
| CVSS Score | 9 |
| Access Vector | Local | Adjacent | Network |
|---|---|---|---|
| Access Complexity | Low | Medium | High |
| Authentication | None | Single | Multiple |
| Confidentiality | None | Partial | Complete |
| Integrity | None | Partial | Complete |
| Availability | None | Partial | Complete |