Skip to main content

F453 Firmware CVE-2026-3377

HIGH
Buffer Overflow (CWE-119)
2026-03-01 cna@vuldb.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 22:05 vuln.today
PoC Detected
Mar 03, 2026 - 17:34 vuln.today
Public exploit code
CVE Published
Mar 01, 2026 - 00:16 nvd
HIGH 8.8

DescriptionCVE.org

A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Performing a manipulation of the argument page results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.

AnalysisAI

Buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated remote attackers to achieve complete system compromise through manipulation of the SafeUrlFilter page parameter. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can execute arbitrary code with full system privileges.

Technical ContextAI

Classified as CWE-119 (Buffer Overflow). Affects F453 Firmware. A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Performing a manipulation of the argument page results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.

CVE-2026-3271 HIGH POC
8.8 Feb 27

Remote code execution in Tenda F453 firmware through a buffer overflow in the P2pListFilter HTTP handler allows authenti

CVE-2026-3167 HIGH POC
8.8 Feb 25

Unauthenticated attackers can trigger a buffer overflow in the Tenda F453 firmware via the webSiteId parameter in the /g

CVE-2026-3726 HIGH POC
8.8 Mar 08

Stack-based buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated remote attackers to achieve full system

CVE-2026-3399 HIGH POC
8.8 Mar 01

Remote code execution in Tenda F453 firmware versions 1.0.0.3 and earlier results from a buffer overflow in the httpd co

CVE-2026-3398 HIGH POC
8.8 Mar 01

Buffer overflow in Tenda F453 firmware versions 1.0.0.3 allows authenticated remote attackers to achieve full system com

CVE-2026-3380 HIGH POC
8.8 Mar 01

Remote code execution in Tenda F453 Firmware 1.0.0.3 allows authenticated attackers to execute arbitrary code via a buff

CVE-2026-3379 HIGH POC
8.8 Mar 01

Remote code execution in Tenda F453 1.0.0.3 DNS firmware via a buffer overflow in the /goform/SetIpBind endpoint allows

CVE-2026-3378 HIGH POC
8.8 Mar 01

Remote code execution in Tenda F453 Firmware 1.0.0.3 allows authenticated attackers to achieve complete system compromis

CVE-2026-3376 HIGH POC
8.8 Feb 28

Remote code execution in Tenda F453 firmware (v1.0.0.3) via a buffer overflow in the SafeMacFilter function allows authe

CVE-2026-3275 HIGH POC
8.8 Feb 27

Remote code execution in Tenda F453 firmware allows authenticated attackers to achieve complete system compromise throug

CVE-2026-3274 HIGH POC
8.8 Feb 27

Remote code execution in Tenda F453 firmware through a buffer overflow in the L7Prot HTTP handler allows unauthenticated

CVE-2026-3273 HIGH POC
8.8 Feb 27

Remote code execution in Tenda F453 firmware version 1.0.0.3 allows authenticated attackers to execute arbitrary code vi

Share

CVE-2026-3377 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy