{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3399", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-01T06:34:46.523Z", "datePublished": "2026-03-01T23:02:09.578Z", "dateUpdated": "2026-03-02T16:00:38.866Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-01T23:02:09.578Z"}, "title": "Tenda F453 httpd GstDhcpSetSer fromGstDhcpSetSer buffer overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Tenda", "product": "F453", "versions": [{"version": "1.0.0.3", "status": "affected"}], "cpes": ["cpe:2.3:o:tenda:f453_firmware:*:*:*:*:*:*:*:*"], "modules": ["httpd"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-01T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-01T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-01T07:39:53.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "LtzHust2 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.348294", "name": "VDB-348294 | Tenda F453 httpd GstDhcpSetSer fromGstDhcpSetSer buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.348294", "name": "VDB-348294 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.759631", "name": "Submit #759631 | Tenda F453 v1.0.0.3 Buffer Access Using Size of Source Buffer", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Litengzheng/vul_db/blob/main/F453/vul_83/README.md", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-02T16:00:28.018795Z", "id": "CVE-2026-3399", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T16:00:38.866Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3399", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-02T16:00:28.018795Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T16:00:33.981Z"}}], "cna": {"title": "Tenda F453 httpd GstDhcpSetSer fromGstDhcpSetSer buffer overflow", "credits": [{"lang": "en", "type": "reporter", "value": "LtzHust2 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:o:tenda:f453_firmware:*:*:*:*:*:*:*:*"], "vendor": "Tenda", "modules": ["httpd"], "product": "F453", "versions": [{"status": "affected", "version": "1.0.0.3"}]}], "timeline": [{"lang": "en", "time": "2026-03-01T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-01T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-01T07:39:53.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.348294", "name": "VDB-348294 | Tenda F453 httpd GstDhcpSetSer fromGstDhcpSetSer buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.348294", "name": "VDB-348294 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.759631", "name": "Submit #759631 | Tenda F453 v1.0.0.3 Buffer Access Using Size of Source Buffer", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Litengzheng/vul_db/blob/main/F453/vul_83/README.md", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-01T23:02:09.578Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3399", "state": "PUBLISHED", "dateUpdated": "2026-03-02T16:00:38.866Z", "dateReserved": "2026-03-01T06:34:46.523Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-01T23:02:09.578Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:f453_firmware:1.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "66CB876C-7D99-4A12-91E3-FE153293C3F2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:f453:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B2C42B3-1621-4323-BAA4-4B71C33F7C4B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad en Tenda F453 1.0.0.3, la cual afecta a la funci\u00f3n fromGstDhcpSetSer del archivo /goform/GstDhcpSetSer del componente httpd. Si se manipula el argumento dips se provoca un desbordamiento del b\u00fafer. El ataque puede ser iniciado en remoto. El exploit est\u00e1 disponible p\u00fablicamente y podr\u00eda ser utilizado."}], "id": "CVE-2026-3399", "lastModified": "2026-03-03T17:31:32.110", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-01T23:16:02.060", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Litengzheng/vul_db/blob/main/F453/vul_83/README.md"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.348294"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.348294"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.759631"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.tenda.com.cn/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-120"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.0.3"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "F453", "source": "cna", "vendor": "Tenda"}, "product": "f453", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-04-18T10:11:41.036322+00:00", "value": {"mitigation_remediation": ["Update the router to the latest firmware revision that contains the patch for the \u201cfromGstDhcpSetSer\u201d buffer overflow. If a firmware update is not yet available, contact the vendor for guidance on applying a security fix or a temporary patch.", "If an immediate firmware update cannot be performed, restrict external access to the router\u2019s HTTP management interface by placing the device behind a firewall, disabling remote management, or restricting management ports to trusted IP ranges.", "If the router supports it, temporarily disable the GstDhcpSetSer configuration feature until a fix is applied to prevent the buffer overflow from being triggered while the device remains in use."], "summary": {"action": "Immediate Patch", "impact": "Remote Buffer Overflow potentially leading to Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Affected devices are Tenda F453 routers running firmware version 1.0.0.3, with the vulnerability present in the httpd component accessed via the web-based configuration interface.", "description_and_impact": "The vulnerability is a stack-based buffer overflow in the httpd component of the Tenda F453 router. The function \u201cfromGstDhcpSetSer\u201d in the web form endpoint \u201c/goform/GstDhcpSetSer\u201d does not adequately validate the \u201cdips\u201d argument, allowing an attacker to overflow the buffer and overwrite return addresses. This flaw is categorized as CWE\u2011119 and CWE\u2011120, indicating unsafe memory handling and lack of bounds checking. If successfully exploited, the overflow could enable an attacker to execute arbitrary code on the device, compromising its confidentiality, integrity, and availability.", "risk_and_exploitability": "The CVSS v3 score of 8.7 indicates high severity, while the EPSS score of less than 1% suggests a very low probability that exploitation is being observed in the wild at present. The vulnerability is not listed in the CISA KEV catalog, but it remains publicly available and could be exploited remotely through the router\u2019s HTTP management interface. Based on the description, it is inferred that an attacker would need network connectivity to the device and the ability to manipulate the \u201cdips\u201d parameter via the exposed web form. Given the high severity score and the fact that the attack can be initiated remotely, the risk to organizations that expose these devices to the internet is significant."}}}}, "created": "2026-03-02T12:03:58.112626+00:00", "updated": "2026-04-18T10:15:25.878038+00:00", "vendors": ["tenda", "tenda$PRODUCT$f453"]}