EUVD-2026-16963
GHSA-pcxg-4cp2-qqj4
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This manipulation of the argument delno causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Analysis
Stack-based buffer overflow in Tenda F453 router firmware 1.0.0.3 allows authenticated remote attackers to execute arbitrary code or crash the device via the PPTP user configuration interface. The vulnerability resides in the fromPPTPUserSetting function within the httpd component, triggered by manipulating the 'delno' parameter. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Tenda F453 devices running firmware 1.0.0.3 and disable remote management access (PPTP configuration interface) or restrict access via network segmentation. Within 7 days: Apply the strongest available firmware update from Tenda if available above version 1.0.0.3; if no newer version exists, implement firewall rules to block access to the httpd management port (typically 80/443) from untrusted networks. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today