CVE-2026-3167
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A security flaw has been discovered in Tenda F453 1.0.0.3. The impacted element is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component httpd. Performing a manipulation of the argument webSiteId results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
Analysis
Unauthenticated attackers can trigger a buffer overflow in the Tenda F453 firmware via the webSiteId parameter in the /goform/webtypelibrary endpoint, enabling remote code execution with full system compromise. Public exploit code is available and actively deployed against affected devices. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Tenda F453 1.0.0.3 devices in production and isolate affected units from critical network segments. Within 7 days: Implement network segmentation and WAF rules to block /goform/webtypelibrary requests; disable the httpd component if operationally feasible, or restrict administrative access via IP whitelisting. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today