CVE-2026-3274
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A security flaw has been discovered in Tenda F453 1.0.0.3. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
Analysis
Remote code execution in Tenda F453 firmware through a buffer overflow in the L7Prot HTTP handler allows unauthenticated attackers to achieve full system compromise via a malicious page parameter. Public exploit code exists for this vulnerability, increasing the risk of widespread attacks. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Tenda F453 devices across the organization and isolate affected units from critical network segments if patching cannot be completed immediately. Within 7 days: Implement network segmentation to restrict access to affected devices and deploy WAF rules to block malicious requests to /goform/L7Prot endpoint. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today