Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
Tenda F453 Firmware 1.0.0.3: Uncontrolled Memory Access via DHCP Client List
CVE-2026-3272
Summary
A bug in the Tenda F453's DHCP client list feature can be exploited by a remote attacker, potentially allowing them to access data they shouldn't have. This vulnerability has been publicly disclosed, so it's essential to update the firmware to protect your device. We recommend checking with Tenda's official website for the latest firmware version and following their instructions to update your device.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| tenda | f453_firmware | 1.0.0.3 | – |
Original title
A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. This manipulation of the argument page c...
Original description
A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-120
Classic Buffer Overflow
- https://github.com/Litengzheng/vul_db/blob/main/F453/vul_71/README.md Exploit Third Party Advisory
- https://vuldb.com/?ctiid.347996 Permissions Required VDB Entry
- https://vuldb.com/?id.347996 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.759603 Third Party Advisory VDB Entry
- https://www.tenda.com.cn/ Product
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026