F453 Firmware
CVE-2026-3729
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/PPTPDClient. Such manipulation of the argument username/opttype leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
AnalysisAI
Remote code execution in Tenda F453 firmware versions 1.0.0.3 and 3.As via stack-based buffer overflow in the PPTP client configuration endpoint allows unauthenticated network attackers to achieve full system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for affected devices.
Technical ContextAI
Classified as CWE-119 (Buffer Overflow). Affects F453 Firmware. A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/PPTPDClient. Such manipulation of the argument username/opttype leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
RemediationAI
Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.
More in F453 Firmware
View allRemote code execution in Tenda F453 firmware through a buffer overflow in the P2pListFilter HTTP handler allows authenti
Unauthenticated attackers can trigger a buffer overflow in the Tenda F453 firmware via the webSiteId parameter in the /g
Stack-based buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated remote attackers to achieve full system
Remote code execution in Tenda F453 firmware versions 1.0.0.3 and earlier results from a buffer overflow in the httpd co
Buffer overflow in Tenda F453 firmware versions 1.0.0.3 allows authenticated remote attackers to achieve full system com
Remote code execution in Tenda F453 Firmware 1.0.0.3 allows authenticated attackers to execute arbitrary code via a buff
Remote code execution in Tenda F453 1.0.0.3 DNS firmware via a buffer overflow in the /goform/SetIpBind endpoint allows
Remote code execution in Tenda F453 Firmware 1.0.0.3 allows authenticated attackers to achieve complete system compromis
Buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated remote attackers to achieve complete system compromi
Remote code execution in Tenda F453 firmware (v1.0.0.3) via a buffer overflow in the SafeMacFilter function allows authe
Remote code execution in Tenda F453 firmware allows authenticated attackers to achieve complete system compromise throug
Remote code execution in Tenda F453 firmware through a buffer overflow in the L7Prot HTTP handler allows unauthenticated
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today