What is the CVSS score of CVE-2026-3271?

CVE-2026-3271 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of F453 Firmware are affected by CVE-2026-3271?

A high-severity remote code execution vulnerability affects Tenda F453 routers with no available patch, exposing organizations using this equipment to potential unauthorized access and network…

Is there a public PoC exploit available for CVE-2026-3271?

Yes, a public proof-of-concept exploit is available for CVE-2026-3271. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-3271?

Within 24 hours: Inventory all Tenda F453 devices in production and isolate affected units from critical network segments. Within 7 days: Implement network-level compensating controls including WAF rules blocking /goform/P2pListFilter requests and restrict httpd access to trusted networks only. Within 30 days: Develop a replacement plan for affected Tenda devices with alternative vendors, as the vulnerability remains unpatched.

F453 Firmware CVE-2026-3271

HIGH

Buffer Overflow (CWE-119)

2026-02-27 cna@vuldb.com

Buffer Overflow F453 Firmware

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 27, 2026 - 18:30 vuln.today

Public exploit code

CVE Published

Feb 27, 2026 - 00:16 nvd

HIGH 8.8

DescriptionCVE.org

A vulnerability was found in Tenda F453 1.0.0.3. This impacts the function fromP2pListFilter of the file /goform/P2pListFilterof of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.

AnalysisAI

Remote code execution in Tenda F453 firmware through a buffer overflow in the P2pListFilter HTTP handler allows authenticated attackers to achieve complete system compromise. Public exploit code exists for this vulnerability, creating immediate risk for deployed devices. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to Tenda F453 httpd

Delivery

Send crafted request to /goform/P2pListFilter

Exploit

Inject oversized 'page' parameter

Execution

Trigger stack buffer overflow

Impact

Execute arbitrary code with httpd privileges

Access

Authenticate to Tenda F453 httpd

Delivery

Send crafted request to /goform/P2pListFilter

Exploit

Inject oversized 'page' parameter

Execution

Trigger stack buffer overflow

Impact

Execute arbitrary code with httpd privileges

Vulnerability AssessmentAI

Exploitation	Tenda F453 firmware version 1.0.0.3 with httpd service enabled; valid user credentials required for authentication to access /goform/P2pListFilter endpoint Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 8.8 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A remote attacker could exploit this flaw, buffer overflow.
Remediation	Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Tenda F453 devices in production and isolate affected units from critical network segments. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-3271 vulnerability details – vuln.today

Back

F453 Firmware CVE-2026-3271

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code