CVE-2026-3165
Published: 25 February 2026
Summary
CVE-2026-3165 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda F453 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents buffer overflow by validating and sanitizing the mit_ssid argument in the fromSetWifiGusetBasic function of the httpd component.
Remediates the specific buffer overflow flaw in Tenda F453 firmware version 1.0.0.3 through timely patching or updates.
Provides architectural protections against memory corruption from buffer overflows, such as non-executable stacks and address space randomization, hindering remote exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public-facing httpd web interface (fromSetWifiGusetBasic) directly enables remote exploitation of a network device application for RCE (T1190); low-privilege requirement with full C/I/A impact also facilitates local-to-root privilege escalation on the device (T1068).
NVD Description
A vulnerability was determined in Tenda F453 1.0.0.3. Impacted is the function fromSetWifiGusetBasic of the file /goform/AdvSetWrlsafeset of the component httpd. This manipulation of the argument mit_ssid causes buffer overflow. The attack can be initiated remotely. The exploit has been…
more
publicly disclosed and may be utilized.
Deeper analysisAI
CVE-2026-3165 is a buffer overflow vulnerability in Tenda F453 firmware version 1.0.0.3. The flaw affects the httpd component, specifically the fromSetWifiGusetBasic function in the /goform/AdvSetWrlsafeset file, where manipulation of the mit_ssid argument triggers the overflow. Published on 2026-02-25, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is linked to CWE-119 and CWE-120.
An attacker with low privileges can exploit this remotely over the network with low attack complexity and no user interaction. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, potentially enabling arbitrary code execution or system compromise on the affected router.
Advisories from VulDB detail the issue, with exploit code publicly disclosed in a GitHub repository at https://github.com/Litengzheng/vul_db/blob/main/F453/vul_64/README.md. Additional references include VulDB entries and the Tenda website at https://www.tenda.com.cn/, though specific patch or mitigation guidance is not outlined in the CVE description.
Details
- CWE(s)