CVE-2026-3399

HighPublic PoC

Published: 01 March 2026

Published

01 March 2026

Modified

03 March 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0011 28.3th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely.…

The exploit is publicly available and might be used.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Timely identification, reporting, and patching of the buffer overflow flaw in the httpd component's fromGstDhcpSetSer function directly eliminates the vulnerability in Tenda F453 firmware.

SI-10 Information Input Validation good match

prevent

Validating the length and format of the 'dips' argument in HTTP requests to /goform/GstDhcpSetSer prevents the buffer overflow triggered by oversized or malformed input.

SI-16 Memory Protection partial match

prevent

Memory protections such as address space layout randomization and stack canaries mitigate successful exploitation of the buffer overflow even if the underlying flaw persists.

Security SummaryAI

CVE-2026-3399 is a buffer overflow vulnerability in Tenda F453 firmware version 1.0.0.3. The flaw affects the fromGstDhcpSetSer function in the /goform/GstDhcpSetSer file of the httpd component, where manipulation of the dips argument triggers the overflow. Published on 2026-03-01, it is associated with CWE-119 and CWE-120.

The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable remotely with low attack complexity and low privileges required. An attacker meeting these conditions can achieve high impacts on confidentiality, integrity, and availability, such as potential remote code execution via the buffer overflow.

Advisories and details are available via VulDB entries (https://vuldb.com/?ctiid.348294, https://vuldb.com/?id.348294, https://vuldb.com/?submit.759631) and the vendor site (https://www.tenda.com.cn/). A public exploit is documented on GitHub (https://github.com/Litengzheng/vul_db/blob/main/F453/vul_83/README.md) and might be used.

The exploit is publicly available, increasing the risk of active exploitation against unpatched Tenda F453 devices.

Details

CWE(s): CWE-119 CWE-120

Affected Products

tenda

f453 firmware

1.0.0.3

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Buffer overflow in the httpd web management interface (public-facing) directly enables remote exploitation for RCE with low privileges, mapping to T1190.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References

https://github.com/Litengzheng/vul_db/blob/main/F453/vul_83/README.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.348294
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.348294
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.759631
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.tenda.com.cn/
Product · cna@vuldb.com