CVE-2026-3165

HighPublic PoC

Published: 25 February 2026

Published

25 February 2026

Modified

25 February 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0011 28.3th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was determined in Tenda F453 1.0.0.3. Impacted is the function fromSetWifiGusetBasic of the file /goform/AdvSetWrlsafeset of the component httpd. This manipulation of the argument mit_ssid causes buffer overflow. The attack can be initiated remotely. The exploit has been…

publicly disclosed and may be utilized.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents buffer overflow by validating and sanitizing the mit_ssid argument in the fromSetWifiGusetBasic function of the httpd component.

SI-2 Flaw Remediation good match

prevent

Remediates the specific buffer overflow flaw in Tenda F453 firmware version 1.0.0.3 through timely patching or updates.

SI-16 Memory Protection good match

prevent

Provides architectural protections against memory corruption from buffer overflows, such as non-executable stacks and address space randomization, hindering remote exploitation.

Security SummaryAI

CVE-2026-3165 is a buffer overflow vulnerability in Tenda F453 firmware version 1.0.0.3. The flaw affects the httpd component, specifically the fromSetWifiGusetBasic function in the /goform/AdvSetWrlsafeset file, where manipulation of the mit_ssid argument triggers the overflow. Published on 2026-02-25, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is linked to CWE-119 and CWE-120.

An attacker with low privileges can exploit this remotely over the network with low attack complexity and no user interaction. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, potentially enabling arbitrary code execution or system compromise on the affected router.

Advisories from VulDB detail the issue, with exploit code publicly disclosed in a GitHub repository at https://github.com/Litengzheng/vul_db/blob/main/F453/vul_64/README.md. Additional references include VulDB entries and the Tenda website at https://www.tenda.com.cn/, though specific patch or mitigation guidance is not outlined in the CVE description.

Details

CWE(s): CWE-119 CWE-120

Affected Products

tenda

f453 firmware

1.0.0.3

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Buffer overflow in public-facing httpd web interface (fromSetWifiGusetBasic) directly enables remote exploitation of a network device application for RCE (T1190); low-privilege requirement with full C/I/A impact also facilitates local-to-root privilege escalation on the device (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References

https://github.com/Litengzheng/vul_db/blob/main/F453/vul_64/README.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.347672
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.347672
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.759587
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.tenda.com.cn/
Product · cna@vuldb.com