Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
Tenda F453 Routers: Remote Code Execution from Unauthenticated Users
CVE-2026-3165
Summary
Tenda F453 routers are vulnerable to a remote code execution attack, which can be triggered by an unauthenticated user. This means that an attacker can potentially take control of the router from anywhere on the internet. To protect your network, update your Tenda F453 firmware to the latest version.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| tenda | f453_firmware | 1.0.0.3 | – |
Original title
A vulnerability was determined in Tenda F453 1.0.0.3. Impacted is the function fromSetWifiGusetBasic of the file /goform/AdvSetWrlsafeset of the component httpd. This manipulation of the argument m...
Original description
A vulnerability was determined in Tenda F453 1.0.0.3. Impacted is the function fromSetWifiGusetBasic of the file /goform/AdvSetWrlsafeset of the component httpd. This manipulation of the argument mit_ssid causes buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-120
Classic Buffer Overflow
- https://github.com/Litengzheng/vul_db/blob/main/F453/vul_64/README.md Exploit Third Party Advisory
- https://vuldb.com/?ctiid.347672 Permissions Required VDB Entry
- https://vuldb.com/?id.347672 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.759587 Third Party Advisory VDB Entry
- https://www.tenda.com.cn/ Product
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026