CVE-2026-3399:
Buffer overflow vulnerability in Tenda F453 1.0.0.3 router's httpd component allows remote attackers to potentially execute arbitrary code.
Score
A numerical rating that indicates how dangerous this vulnerability is.
8.8High- Published Date:Mar 1, 2026
- CISA KEV Date:*No Data*
- Industries Affected:20
Threat Predictions
- EPSS Score:0.1
- EPSS Percentile:26%
Exploitability
- Score:2.8
- Attack Vector:NETWORK
- Attack Complexity:LOW
- Privileges Required:LOW
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:5.9
- Confidentiality Impact:HIGH
- Integrity Impact:HIGH
- Availability Impact:HIGH
Description Preview
Buffer overflow vulnerability in Tenda F453 1.0.0.3 router's httpd component allows remote attackers to potentially execute arbitrary code.
Overview
The Tenda F453 router version 1.0.0.3 contains a critical vulnerability that affects its web server component. The issue stems from improper input validation in the DHCP server configuration functionality. An attacker with low-level access can send specially crafted requests to the affected component, potentially leading to a buffer overflow. This vulnerability is particularly concerning due to its network-based attack vector and low complexity of exploitation. The CVSS v3.1 base score of 8.8 (High) reflects the severity of this issue, indicating significant risks to the confidentiality, integrity, and availability of the affected system. Furthermore, a public exploit is available, increasing the likelihood of active attacks in the wild.
Remediation
- As of the vulnerability disclosure, no official patch or firmware update has been announced by Tenda to address this issue. In the absence of a vendor-provided fix, network administrators and users of affected Tenda F453 routers should implement the following mitigation strategies:
- 1. Limit network exposure of the affected devices, placing them behind firewalls and restricting access to trusted IP addresses only.
- 2. Regularly monitor router logs for suspicious activities or unauthorized access attempts.
- 3. Disable remote administration features if not strictly necessary.
- 4. Implement strong, unique passwords for all router access points.
- 5. Keep an eye on Tenda's official website and support channels for any upcoming security patches or firmware updates.
- 6. Consider replacing the affected router with a more secure alternative if Tenda does not provide a timely security update.
- It is crucial to implement these measures promptly to reduce the risk of potential exploitation.
References
- [1] GitHub. "Tenda F453 Vulnerability Details." https://github.com/Litengzheng/vul_db/blob/main/F453/vul_83/README.md
- [2] VulDB. "Tenda F453 1.0.0.3: Buffer Overflow." https://vuldb.com/?id.348294
- [3] VulDB. "CTI Report: Tenda F453 1.0.0.3." https://vuldb.com/?ctiid.348294
- [4] Tenda. "Official Website." https://www.tenda.com.cn/
- [5] VulDB. "Vulnerability Submission." https://vuldb.com/?submit.759631
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
