Which versions of Tenda are affected by CVE-2026-5021?

CVE-2026-5021 is a high-severity stack buffer overflow in Tenda F453 router firmware (version 1.0.0.3) that allows authenticated attackers to execute arbitrary code or disable the device through the…

Is there a public PoC exploit available for CVE-2026-5021?

Yes, a public proof-of-concept exploit is available for CVE-2026-5021. Prioritise patching immediately. EPSS: 0.0%.

Tenda CVE-2026-5021

Q: What is the CVSS score of CVE-2026-5021?

CVE-2026-5021 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-16963 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-03-29 VulDB

GHSA-pcxg-4cp2-qqj4

Buffer Overflow Stack Overflow Tenda

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Mar 30, 2026 - 19:01 vuln.today

Public exploit code

EUVD ID Assigned

Mar 29, 2026 - 01:30 euvd

EUVD-2026-16963

Analysis Generated

Mar 29, 2026 - 01:30 vuln.today

CVE Published

Mar 29, 2026 - 01:15 nvd

HIGH 7.4

DescriptionNVD

A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This manipulation of the argument delno causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.

AnalysisAI

Stack-based buffer overflow in Tenda F453 router firmware 1.0.0.3 allows authenticated remote attackers to execute arbitrary code or crash the device via the PPTP user configuration interface. The vulnerability resides in the fromPPTPUserSetting function within the httpd component, triggered by manipulating the 'delno' parameter. …

RemediationAI

Within 24 hours: Inventory all Tenda F453 devices running firmware 1.0.0.3 and disable remote management access (PPTP configuration interface) or restrict access via network segmentation. Within 7 days: Apply the strongest available firmware update from Tenda if available above version 1.0.0.3; if no newer version exists, implement firewall rules to block access to the httpd management port (typically 80/443) from untrusted networks. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-5021 vulnerability details – vuln.today

Back

Tenda CVE-2026-5021

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tenda CVE-2026-5021

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code