CVE-2026-3398

HighPublic PoC

Published: 01 March 2026

Published

01 March 2026

Modified

03 March 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0011 28.3th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. Executing a manipulation of the argument wanmode/PPPOEPassword can lead to buffer overflow. The attack can be launched remotely. The…

exploit has been publicly disclosed and may be utilized.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Mandates validation of untrusted inputs like wanmode and PPPOEPassword arguments to prevent buffer overflows in the httpd component.

SI-2 Flaw Remediation good match

prevent

Requires timely remediation through firmware updates to address the specific buffer overflow vulnerability in Tenda F453 httpd.

SI-16 Memory Protection partial match

prevent

Provides memory protections such as address space layout randomization and data execution prevention to mitigate arbitrary code execution from buffer overflows.

Security SummaryAI

CVE-2026-3398 is a buffer overflow vulnerability in Tenda F453 firmware version 1.0.0.3. The flaw affects the fromAdvSetWan function in the /goform/AdvSetWan file of the httpd component, where manipulation of the wanmode or PPPOEPassword argument triggers the overflow. Associated with CWE-119 and CWE-120, it was published on 2026-03-01 and carries a CVSS 3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A remote attacker with low privileges can exploit this vulnerability without user interaction. Successful exploitation leads to high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution, data compromise, or denial of service on the affected router.

Advisories from VulDB (ctiid.348293, id.348293, submit.759630) and a GitHub repository (Litengzheng/vul_db) provide further details, including exploit information. The Tenda website (tenda.com.cn) may offer relevant firmware updates or mitigation guidance.

The exploit has been publicly disclosed and may be utilized, heightening risks for exposed Tenda F453 devices.

Details

CWE(s): CWE-119 CWE-120

Affected Products

tenda

f453 firmware

1.0.0.3

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Buffer overflow RCE in exposed httpd web interface (/goform/AdvSetWan) directly enables remote exploitation of a public-facing application (T1190) from low-privilege credentials, resulting in arbitrary code execution and effective privilege escalation (T1068) on the network device.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References

https://github.com/Litengzheng/vul_db/blob/main/F453/vul_82/README.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.348293
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.348293
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.759630
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.tenda.com.cn/
Product · cna@vuldb.com