CVE-2026-3377
Published: 01 March 2026
Summary
CVE-2026-3377 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda F453 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 11.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Flaw remediation requires identifying, testing, and installing firmware updates to directly patch the buffer overflow vulnerability in the Tenda F453 router.
Information input validation enforces checks on the 'page' argument to prevent buffer overflows from malformed inputs in the /goform/SafeUrlFilter function.
Memory protection mechanisms like stack canaries, ASLR, and DEP mitigate exploitation of the buffer overflow even if invalid input reaches the vulnerable function.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in router web form (/goform/SafeUrlFilter) directly enables remote exploitation of a public-facing application (T1190) by low-privileged authenticated users, resulting in arbitrary code execution and full system compromise (T1068).
NVD Description
A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Performing a manipulation of the argument page results in buffer overflow. The attack can be initiated remotely. The exploit is…
more
now public and may be used.
Deeper analysisAI
CVE-2026-3377 is a buffer overflow vulnerability affecting the Tenda F453 router on firmware version 1.0.0.3. The flaw resides in the fromSafeUrlFilter function within the /goform/SafeUrlFilter file, where manipulation of the "page" argument triggers the overflow. Published on 2026-03-01, it is associated with CWE-119 and CWE-120 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability enables remote exploitation by attackers possessing low privileges, such as authenticated users with minimal access. Successful attacks can result in high confidentiality, integrity, and availability impacts, potentially allowing arbitrary code execution or system compromise on the affected device.
Advisories and further details are documented on VulDB (ctiid.348262, id.348262, submit.759624), a GitHub repository containing the public exploit (Litengzheng/vul_db/blob/main/F453/vul_77/README.md), and the manufacturer's site (tenda.com.cn). The exploit is publicly available and may be actively used.
In notable context, the public disclosure of the exploit heightens the urgency for affected users to assess and update their Tenda F453 devices.
Details
- CWE(s)