F453 Firmware
CVE-2026-3399
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.
AnalysisAI
Remote code execution in Tenda F453 firmware versions 1.0.0.3 and earlier results from a buffer overflow in the httpd component's DHCP configuration handler. An authenticated attacker can exploit this vulnerability over the network to achieve complete system compromise, and public exploit code is currently available.
Technical ContextAI
Classified as CWE-119 (Buffer Overflow). Affects F453 Firmware. A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.
RemediationAI
Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.
More in F453 Firmware
View allRemote code execution in Tenda F453 firmware through a buffer overflow in the P2pListFilter HTTP handler allows authenti
Unauthenticated attackers can trigger a buffer overflow in the Tenda F453 firmware via the webSiteId parameter in the /g
Stack-based buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated remote attackers to achieve full system
Buffer overflow in Tenda F453 firmware versions 1.0.0.3 allows authenticated remote attackers to achieve full system com
Remote code execution in Tenda F453 Firmware 1.0.0.3 allows authenticated attackers to execute arbitrary code via a buff
Remote code execution in Tenda F453 1.0.0.3 DNS firmware via a buffer overflow in the /goform/SetIpBind endpoint allows
Remote code execution in Tenda F453 Firmware 1.0.0.3 allows authenticated attackers to achieve complete system compromis
Buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated remote attackers to achieve complete system compromi
Remote code execution in Tenda F453 firmware (v1.0.0.3) via a buffer overflow in the SafeMacFilter function allows authe
Remote code execution in Tenda F453 firmware allows authenticated attackers to achieve complete system compromise throug
Remote code execution in Tenda F453 firmware through a buffer overflow in the L7Prot HTTP handler allows unauthenticated
Remote code execution in Tenda F453 firmware version 1.0.0.3 allows authenticated attackers to execute arbitrary code vi
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today