CVE-2026-3398:

Buffer overflow vulnerability in Tenda F453 router allows remote attackers to execute arbitrary code.

Score
A numerical rating that indicates how dangerous this vulnerability is.

8.8High

Published Date:Mar 1, 2026
CISA KEV Date:*No Data*
Industries Affected:20

Threat Predictions

EPSS Score:0.1
EPSS Percentile:23%

Exploitability

Score:2.8
Attack Vector:NETWORK
Attack Complexity:LOW
Privileges Required:LOW
User Interaction:NONE
Scope:UNCHANGED

Impact

Score:5.9
Confidentiality Impact:HIGH
Integrity Impact:HIGH
Availability Impact:HIGH

Description Preview

Buffer overflow vulnerability in Tenda F453 router allows remote attackers to execute arbitrary code.

Overview

The Tenda F453 router contains a critical vulnerability that allows remote attackers to potentially execute arbitrary code or cause a denial of service. The issue stems from improper input validation in the web interface's WAN configuration functionality. Attackers can send specially crafted requests to the affected component to overflow a buffer and potentially take control of the device. This vulnerability has been assigned a CVSS v3.1 base score of 8.8 (High severity) due to its network attack vector, low attack complexity, and high impact on confidentiality, integrity, and availability.

Remediation

As of the vulnerability disclosure, no official patch has been released by Tenda. Users of the affected Tenda F453 router should take the following precautions:
1. Disable remote management of the router if not required.
2. Implement strong network segmentation to isolate the vulnerable device.
3. Monitor for any suspicious network activity or unexpected behavior from the router.
4. Regularly check for firmware updates from Tenda and apply them as soon as they become available.
5. Consider replacing the affected router with a more secure alternative if a patch is not released in a timely manner.