CVE-2026-3727
Published: 08 March 2026
Summary
CVE-2026-3727 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda F453 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 9.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the stack-based buffer overflow by enforcing validation of untrusted inputs like the mit_linktype/PPPOEPassword argument in the /goform/QuickIndex handler.
Implements memory protections such as stack canaries, ASLR, and DEP to prevent exploitation of the stack buffer overflow for arbitrary code execution.
Requires timely identification, reporting, and patching of the specific buffer overflow flaw in Tenda F453 firmware version 1.0.0.3.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in router web form (/goform/QuickIndex) allows remote low-priv authenticated RCE on public-facing device, directly enabling T1190 for initial access and T1068 for privilege escalation to arbitrary code execution.
NVD Description
A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function sub_3C6C0 of the file /goform/QuickIndex. The manipulation of the argument mit_linktype/PPPOEPassword results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made…
more
public and could be used.
Deeper analysisAI
CVE-2026-3727 is a stack-based buffer overflow vulnerability affecting Tenda F453 routers running firmware version 1.0.0.3. The issue resides in the function sub_3C6C0 within the file /goform/QuickIndex, where manipulation of the argument mit_linktype/PPPOEPassword triggers the overflow. It is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability enables remote exploitation by low-privileged users over the network with low attack complexity and no user interaction required. Attackers can achieve high impacts on confidentiality, integrity, and availability, potentially leading to arbitrary code execution on the affected device.
References include a public exploit on GitHub at https://github.com/Litengzheng/vul_db/blob/main/F453/vul_96/README.md and VulDB advisories detailing the issue. No specific patches or mitigations are described in the provided details; users should consult the Tenda website at https://www.tenda.com.cn/ for firmware updates.
The exploit has been made public and could be used, as noted in the vulnerability description published on 2026-03-08.
Details
- CWE(s)