CVE-2026-3275
Published: 27 February 2026
Summary
CVE-2026-3275 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda F453 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 11.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly validates the 'entrys' argument in the /goform/addressNat function to prevent buffer overflow exploitation.
Remediates the specific buffer overflow flaw in the httpd component through identification, reporting, and timely patching of the Tenda F453 firmware.
Implements memory safeguards such as ASLR and DEP to mitigate arbitrary code execution even if the buffer overflow in fromAddressNat is triggered.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in authenticated web interface (httpd) of network device enables remote code execution/device compromise from low-priv access, directly facilitating T1190 (public-facing app exploitation) and T1068 (post-auth privilege escalation).
NVD Description
A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Executing a manipulation of the argument entrys can lead to buffer overflow. The attack may be performed from…
more
remote. The exploit has been made available to the public and could be used for attacks.
Deeper analysisAI
CVE-2026-3275 is a buffer overflow vulnerability (CWE-119, CWE-120) affecting the Tenda F453 router on firmware version 1.0.0.3. The flaw exists in the fromAddressNat function within the /goform/addressNat file of the httpd component. Manipulating the entrys argument triggers the buffer overflow condition.
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), denoting high severity with network accessibility, low attack complexity, and low privileges required. A remote, authenticated attacker can exploit it without user interaction, potentially achieving high impacts on confidentiality, integrity, and availability, such as arbitrary code execution or device compromise. A public exploit is available.
Advisories and further details appear in references including VulDB entries (ctiid.347999, id.347999, submit.759622), a GitHub repository at Litengzheng/vul_db with exploit code, and the Tenda website (tenda.com.cn). No specific patch or mitigation steps are detailed in the disclosure. The CVE was published on 2026-02-27T02:16:20.747.
Details
- CWE(s)