Which versions of Tenda are affected by CVE-2026-4552?

A critical vulnerability in Tenda F453 routers enables authenticated attackers to execute arbitrary code, steal data, or crash devices through a publicly available exploit.

Is there a public PoC exploit available for CVE-2026-4552?

Yes, a public proof-of-concept exploit is available for CVE-2026-4552. Prioritise patching immediately. EPSS: 0.0%.

Tenda CVE-2026-4552

Q: What is the CVSS score of CVE-2026-4552?

CVE-2026-4552 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-14313 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-03-22 VulDB

GHSA-hwc3-99fx-qcgr

Buffer Overflow Stack Overflow Tenda

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 02, 2026 - 20:50 vuln.today

Public exploit code

EUVD ID Assigned

Mar 22, 2026 - 14:45 euvd

EUVD-2026-14313

Analysis Generated

Mar 22, 2026 - 14:45 vuln.today

CVE Published

Mar 22, 2026 - 14:31 nvd

HIGH 7.4

DescriptionNVD

A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component Parameters Handler. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

AnalysisAI

Stack-based buffer overflow in Tenda F453 firmware version 1.0.0.3 allows remote attackers to achieve complete system compromise through manipulation of the page parameter in the VirtualSer handler. Public exploit code exists for this vulnerability, and no patch is currently available. …

RemediationAI

Within 24 hours: Identify all Tenda F453 devices running firmware 1.0.0.3 in your environment and isolate them from critical network segments. Within 7 days: Implement compensating controls including network access restrictions, disable the VirtualSer feature if operationally feasible, and deploy WAF rules blocking /goform/VirtualSer requests. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-4552 vulnerability details – vuln.today

Back

Tenda CVE-2026-4552

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tenda CVE-2026-4552

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code