CVE-2026-3168

HighPublic PoC

Published: 25 February 2026

Published

25 February 2026

Modified

25 February 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0011 28.3th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromNatStaticSetting of the file /goform/NatStaticSetting of the component httpd. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely.…

The exploit has been made available to the public and could be used for attacks.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Remediates the buffer overflow vulnerability in the httpd /goform/NatStaticSetting endpoint by applying vendor firmware patches or updates.

SI-10 Information Input Validation good match

prevent

Enforces validation of the 'page' argument to prevent buffer overflow exploitation in the fromNatStaticSetting function.

SI-16 Memory Protection good match

prevent

Deploys memory protections like ASLR and DEP to mitigate arbitrary code execution from buffer overflows in the httpd component.

Security SummaryAI

CVE-2026-3168 is a buffer overflow vulnerability affecting Tenda F453 firmware version 1.0.0.3. The issue resides in the fromNatStaticSetting function within the /goform/NatStaticSetting endpoint of the httpd component. It is triggered by manipulating the 'page' argument, leading to a buffer overflow condition classified under CWE-119 and CWE-120. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-02-25.

The vulnerability enables remote exploitation by an attacker with low privileges (PR:L), requiring low attack complexity and no user interaction. Successful exploitation can result in high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution on the affected device.

References include a GitHub repository containing a publicly available exploit at https://github.com/Litengzheng/vul_db/blob/main/F453/vul_67/README.md, multiple VulDB entries detailing the issue (https://vuldb.com/?ctiid.347675, https://vuldb.com/?id.347675, https://vuldb.com/?submit.759595), and the vendor's website at https://www.tenda.com.cn/. Security practitioners should consult these for any patch availability or mitigation guidance, as the public exploit increases the risk of active attacks.

Details

CWE(s): CWE-119 CWE-120

Affected Products

tenda

f453 firmware

1.0.0.3

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Buffer overflow RCE in public-facing httpd web endpoint (/goform/NatStaticSetting) with low-priv remote trigger enables T1190 (Exploit Public-Facing Application) for initial access and T1068 (Exploitation for Privilege Escalation) to achieve arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References

https://github.com/Litengzheng/vul_db/blob/main/F453/vul_67/README.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.347675
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.347675
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.759595
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.tenda.com.cn/
Product · cna@vuldb.com