CVE-2026-3378:
Buffer overflow vulnerability in Tenda F453 1.0.0.3 router's QoS settings function allows remote attackers to execute arbitrary code.
Score
A numerical rating that indicates how dangerous this vulnerability is.
8.8High- Published Date:Mar 1, 2026
- CISA KEV Date:*No Data*
- Industries Affected:20
Threat Predictions
- EPSS Score:0.1
- EPSS Percentile:23%
Exploitability
- Score:2.8
- Attack Vector:NETWORK
- Attack Complexity:LOW
- Privileges Required:LOW
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:5.9
- Confidentiality Impact:HIGH
- Integrity Impact:HIGH
- Availability Impact:HIGH
Description Preview
Buffer overflow vulnerability in Tenda F453 1.0.0.3 router's QoS settings function allows remote attackers to execute arbitrary code.
Overview
The Tenda F453 router vulnerability (CVE-2026-3378) is a high-severity buffer overflow flaw that affects the Quality of Service (QoS) settings functionality. With a CVSS v3.1 base score of 8.8, this vulnerability poses a significant risk to affected systems. The flaw allows remote attackers with low privileges to potentially execute arbitrary code or cause denial of service. The vulnerability stems from improper bounds checking in the fromqossetting function, which processes QoS configurations. Successful exploitation could lead to complete compromise of the router, potentially impacting the confidentiality, integrity, and availability of the device and the network it manages.
Remediation
- To address this vulnerability, the following steps are recommended:
- 1. Check if your Tenda F453 router is running firmware version 1.0.0.3.
- 2. Visit the official Tenda website regularly to check for firmware updates that address this vulnerability.
- 3. Apply any security patches or firmware updates as soon as they become available.
- 4. If no patch is available, consider implementing network-level protections such as firewalls or intrusion detection systems to monitor and filter potentially malicious traffic targeting the vulnerable QoS function.
- 5. Limit remote access to the router's management interface and use strong, unique passwords for all accounts.
- 6. Monitor router logs for any suspicious activities that might indicate exploitation attempts.
- 7. Consider replacing the affected router with a more secure alternative if Tenda does not provide a timely security update.
References
- [1] GitHub - Tenda F453 Vulnerability Details. https://github.com/Litengzheng/vul_db/blob/main/F453/vul_78/README.md
- [2] VulDB - CVE-2026-3378 Technical Details. https://vuldb.com/?id.348263
- [3] VulDB - CVE-2026-3378 CTI Report. https://vuldb.com/?ctiid.348263
- [4] Tenda Official Website. https://www.tenda.com.cn/
- [5] VulDB - Submission Information. https://vuldb.com/?submit.759625
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
