Skip to main content

F453 Firmware CVE-2026-3728

HIGH
Buffer Overflow (CWE-119)
2026-03-08 cna@vuldb.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
PoC Detected
Mar 09, 2026 - 15:24 vuln.today
Public exploit code
CVE Published
Mar 08, 2026 - 10:15 nvd
HIGH 8.8

DescriptionCVE.org

A vulnerability was determined in Tenda F453 1.0.0.3/1.If. This issue affects the function fromSetCfm of the file /goform/setcfm. This manipulation of the argument funcname/funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

AnalysisAI

Stack-based buffer overflow in Tenda F453 firmware versions 1.0.0.3/1.1f allows authenticated remote attackers to execute arbitrary code through malformed funcname/funcpara1 parameters in the /goform/setcfm endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score of 8.8 reflects the complete compromise potential of affected devices.

Technical ContextAI

Classified as CWE-119 (Buffer Overflow). Affects F453 Firmware. A vulnerability was determined in Tenda F453 1.0.0.3/1.If. This issue affects the function fromSetCfm of the file /goform/setcfm. This manipulation of the argument funcname/funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.

CVE-2026-3271 HIGH POC
8.8 Feb 27

Remote code execution in Tenda F453 firmware through a buffer overflow in the P2pListFilter HTTP handler allows authenti

CVE-2026-3167 HIGH POC
8.8 Feb 25

Unauthenticated attackers can trigger a buffer overflow in the Tenda F453 firmware via the webSiteId parameter in the /g

CVE-2026-3726 HIGH POC
8.8 Mar 08

Stack-based buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated remote attackers to achieve full system

CVE-2026-3399 HIGH POC
8.8 Mar 01

Remote code execution in Tenda F453 firmware versions 1.0.0.3 and earlier results from a buffer overflow in the httpd co

CVE-2026-3398 HIGH POC
8.8 Mar 01

Buffer overflow in Tenda F453 firmware versions 1.0.0.3 allows authenticated remote attackers to achieve full system com

CVE-2026-3380 HIGH POC
8.8 Mar 01

Remote code execution in Tenda F453 Firmware 1.0.0.3 allows authenticated attackers to execute arbitrary code via a buff

CVE-2026-3379 HIGH POC
8.8 Mar 01

Remote code execution in Tenda F453 1.0.0.3 DNS firmware via a buffer overflow in the /goform/SetIpBind endpoint allows

CVE-2026-3378 HIGH POC
8.8 Mar 01

Remote code execution in Tenda F453 Firmware 1.0.0.3 allows authenticated attackers to achieve complete system compromis

CVE-2026-3377 HIGH POC
8.8 Mar 01

Buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated remote attackers to achieve complete system compromi

CVE-2026-3376 HIGH POC
8.8 Feb 28

Remote code execution in Tenda F453 firmware (v1.0.0.3) via a buffer overflow in the SafeMacFilter function allows authe

CVE-2026-3275 HIGH POC
8.8 Feb 27

Remote code execution in Tenda F453 firmware allows authenticated attackers to achieve complete system compromise throug

CVE-2026-3274 HIGH POC
8.8 Feb 27

Remote code execution in Tenda F453 firmware through a buffer overflow in the L7Prot HTTP handler allows unauthenticated

Share

CVE-2026-3728 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy