CVE-2026-3377

8.8 HIGH

📋 TL;DR

A buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the fromSafeUrlFilter function. This affects Tenda F453 routers running firmware version 1.0.0.3. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:
  • Tenda F453
Versions: 1.0.0.3
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Confirmed in firmware version 1.0.0.3; other versions may also be vulnerable, but this is not confirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, network infiltration, and potential lateral movement to connected systems.

🟠 Likely Case

Remote code execution allowing attackers to install malware, create backdoors, intercept network traffic, or use the device as part of a botnet.

🟢 If Mitigated

Limited impact if the device is behind strict network segmentation and firewalls, though device compromise is still possible.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable, affects internet-facing routers, and a public exploit is available.
🏢 Internal Only: MEDIUM - Internal routers could still be exploited via internal network access or from compromised systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details are available on GitHub; remote exploitation without authentication makes weaponization likely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates
2. Download latest firmware for F453
3. Access router admin interface
4. Upload and apply firmware update
5. Reboot router

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Isolate affected routers from critical network segments

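Access Control (platform: linux)

Restrict access to the router admin interface to trusted IPs only. Replace TRUSTED_IP with the address of the management host. The INPUT chain filters traffic addressed to the machine the rules run on; on a separate Linux gateway in front of the router, the equivalent rules belong in the FORWARD chain.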

iptables -A INPUT -p tcp --dport 80 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

🧯 If You Can't Patch

  • Replace affected routers with different models or brands
  • Implement strict network monitoring and intrusion detection for router traffic

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version in the admin interface; if the version is 1.0.0.3, the device is vulnerable.

Check Version:

Check via the router web interface at http://router_ip, or via telnet/ssh if enabled.

Verify Fix Applied:

Verify that the firmware version has been updated to a version later than 1.0.0.3.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/SafeUrlFilter
  • Buffer overflow error messages in router logs
  • Unexpected reboots or crashes

Network Indicators:

  • Unusual outbound connections from router
  • Traffic patterns suggesting command and control communication
  • Port scanning originating from router

SIEM Query:

source="router_logs" AND (uri="/goform/SafeUrlFilter" OR message="buffer overflow" OR message="segmentation fault")
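
The log indicators and SIEM query above, as an added Python example (not code from this advisory or from Tenda): it triages HTTP events for requests to /goform/SafeUrlFilter and flags untrusted sources and unusually long page values. The JSON event format, the 64-byte threshold, the trusted address and the sample events are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/goform/SafeUrlFilter"  # URI named in the log indicators above
MAX_PAGE_LEN = 64                   # assumed triage threshold, not from the advisory
TRUSTED = {"192.0.2.10"}            # constructed admin workstation address

# Constructed HTTP events, one JSON object per line (assumed sensor export format).
SAMPLE_EVENTS = """\
{"src": "192.0.2.10", "method": "POST", "uri": "/goform/SafeUrlFilter", "body": "page=1"}
{"src": "198.51.100.7", "method": "POST", "uri": "/goform/SafeUrlFilter", "body": "page=LONG"}
{"src": "198.51.100.7", "method": "GET", "uri": "/index.asp", "body": ""}
{"src": "203.0.113.5", "method": "POST", "uri": "/goform/SafeUrlFilter?page=2", "body": ""}
not-json
""".replace("LONG", "A" * 300)


def triage(lines, trusted=TRUSTED, max_len=MAX_PAGE_LEN):
    """Return one finding per suspicious request to ENDPOINT."""
    findings = []
    for n, line in enumerate(lines, 1):
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the run
        if not isinstance(ev, dict):
            continue
        url = urlsplit(str(ev.get("uri", "")))
        if url.path.rstrip("/").lower() != ENDPOINT.lower():
            continue
        # 'page' may arrive in the query string or in a form-encoded body.
        values = parse_qs(url.query, keep_blank_values=True).get("page", [])
        values += parse_qs(str(ev.get("body", "")), keep_blank_values=True).get("page", [])
        longest = max((len(v.encode()) for v in values), default=0)
        reasons = []
        if ev.get("src") not in trusted:
            reasons.append("untrusted-source")
        if longest > max_len:
            reasons.append("oversized-page")
        if reasons:
            findings.append({"line": n, "src": ev.get("src"),
                             "page_len": longest, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS.splitlines()):
        print(finding)
```

Tune MAX_PAGE_LEN against the values the legitimate admin UI sends before alerting on it.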
