CVE-2026-3377:
Buffer overflow vulnerability in Tenda F453 router allows remote attackers to execute arbitrary code.
Score
A numerical rating that indicates how dangerous this vulnerability is.
8.8High- Published Date:Mar 1, 2026
- CISA KEV Date:*No Data*
- Industries Affected:20
Threat Predictions
- EPSS Score:0.1
- EPSS Percentile:26%
Exploitability
- Score:2.8
- Attack Vector:NETWORK
- Attack Complexity:LOW
- Privileges Required:LOW
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:5.9
- Confidentiality Impact:HIGH
- Integrity Impact:HIGH
- Availability Impact:HIGH
Description Preview
Buffer overflow vulnerability in Tenda F453 router allows remote attackers to execute arbitrary code.
Overview
The Tenda F453 router contains a critical vulnerability that allows remote attackers to potentially execute arbitrary code or cause denial of service. The issue stems from improper input validation in the SafeUrlFilter functionality. Attackers can exploit this by sending specially crafted requests to the affected component, potentially leading to buffer overflow. The vulnerability has been assigned a CVSS v3.1 base score of 8.8, indicating high severity. The attack vector is network-based, requires low attack complexity, and no user interaction, making it relatively easy to exploit. The impact of successful exploitation could be severe, potentially compromising the confidentiality, integrity, and availability of the affected system.
Remediation
- As of the vulnerability disclosure, no official patch or firmware update has been released by Tenda to address this issue. Users of the Tenda F453 router should take the following precautions:
- 1. Monitor the Tenda website for firmware updates and apply them as soon as they become available.
- 2. Implement strong network segmentation to isolate the vulnerable device from critical networks.
- 3. Restrict remote access to the router's management interface.
- 4. Enable and configure the router's firewall to limit incoming connections.
- 5. Regularly monitor router logs for any suspicious activities.
- 6. Consider replacing the affected router with a more secure alternative if a patch is not released in a timely manner.
- It is crucial for network administrators and users to stay informed about any updates or advisories from Tenda regarding this vulnerability.
References
- [1] GitHub - Litengzheng/vul_db: F453 vulnerability details. https://github.com/Litengzheng/vul_db/blob/main/F453/vul_77/README.md
- [2] VulDB - Vulnerability entry 348262. https://vuldb.com/?id.348262
- [3] Tenda official website. https://www.tenda.com.cn/
- [4] VulDB - CTI entry 348262. https://vuldb.com/?ctiid.348262
- [5] VulDB - Submission 759624. https://vuldb.com/?submit.759624
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
