CVE-2026-3398
Published: 01 March 2026
Summary
CVE-2026-3398 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda F453 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Mandates validation of untrusted inputs like wanmode and PPPOEPassword arguments to prevent buffer overflows in the httpd component.
Requires timely remediation through firmware updates to address the specific buffer overflow vulnerability in Tenda F453 httpd.
Provides memory protections such as address space layout randomization and data execution prevention to mitigate arbitrary code execution from buffer overflows.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow RCE in exposed httpd web interface (/goform/AdvSetWan) directly enables remote exploitation of a public-facing application (T1190) from low-privilege credentials, resulting in arbitrary code execution and effective privilege escalation (T1068) on the network device.
NVD Description
A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. Executing a manipulation of the argument wanmode/PPPOEPassword can lead to buffer overflow. The attack can be launched remotely. The…
more
exploit has been publicly disclosed and may be utilized.
Deeper analysisAI
CVE-2026-3398 is a buffer overflow vulnerability in Tenda F453 firmware version 1.0.0.3. The flaw affects the fromAdvSetWan function in the /goform/AdvSetWan file of the httpd component, where manipulation of the wanmode or PPPOEPassword argument triggers the overflow. Associated with CWE-119 and CWE-120, it was published on 2026-03-01 and carries a CVSS 3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A remote attacker with low privileges can exploit this vulnerability without user interaction. Successful exploitation leads to high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution, data compromise, or denial of service on the affected router.
Advisories from VulDB (ctiid.348293, id.348293, submit.759630) and a GitHub repository (Litengzheng/vul_db) provide further details, including exploit information. The Tenda website (tenda.com.cn) may offer relevant firmware updates or mitigation guidance.
The exploit has been publicly disclosed and may be utilized, heightening risks for exposed Tenda F453 devices.
Details
- CWE(s)