Cyber Resilience

CVE-2026-3399

HighPublic PoC

Published: 01 March 2026

Published
01 March 2026
Modified
03 March 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0089 54.5th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-3399 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda F453 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-3399 is a buffer overflow vulnerability in Tenda F453 firmware version 1.0.0.3. The flaw affects the fromGstDhcpSetSer function in the /goform/GstDhcpSetSer file of the httpd component, where manipulation of the dips argument triggers the overflow. Published on 2026-03-01, it is associated with CWE-119 and CWE-120.

The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable remotely with low attack complexity and low privileges required. An attacker meeting these conditions can achieve high impacts on confidentiality, integrity, and availability, such as potential remote code execution via the buffer overflow.

Advisories and details are available via VulDB entries (https://vuldb.com/?ctiid.348294, https://vuldb.com/?id.348294, https://vuldb.com/?submit.759631) and the vendor site (https://www.tenda.com.cn/). A public exploit is documented on GitHub (https://github.com/Litengzheng/vul_db/blob/main/F453/vul_83/README.md) and might be used.

The exploit is publicly available, increasing the risk of active exploitation against unpatched Tenda F453 devices.

EU & UK References

Vulnerability details

A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely.…

more

The exploit is publicly available and might be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in the httpd web management interface (public-facing) directly enables remote exploitation for RCE with low privileges, mapping to T1190.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-3167Same product: Tenda F453
CVE-2026-3379Same product: Tenda F453
CVE-2026-3166Same product: Tenda F453
CVE-2026-3271Same product: Tenda F453
CVE-2026-3274Same product: Tenda F453
CVE-2026-3273Same product: Tenda F453
CVE-2026-3398Same product: Tenda F453
CVE-2026-3168Same product: Tenda F453
CVE-2026-3377Same product: Tenda F453
CVE-2026-3169Same product: Tenda F453

Affected Assets

tenda
f453 firmware
1.0.0.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely identification, reporting, and patching of the buffer overflow flaw in the httpd component's fromGstDhcpSetSer function directly eliminates the vulnerability in Tenda F453 firmware.

prevent

Validating the length and format of the 'dips' argument in HTTP requests to /goform/GstDhcpSetSer prevents the buffer overflow triggered by oversized or malformed input.

prevent

Memory protections such as address space layout randomization and stack canaries mitigate successful exploitation of the buffer overflow even if the underlying flaw persists.

References