CVE-2026-3729 – A stack-based buffer overflow vulnerability in ... (How to Fix)

Q: What is the severity of CVE-2026-3729?

CVE-2026-3729 has a CVSS score of 8.8 (HIGH). A stack-based buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code by manipulating the username/opttype arguments in the fromPptpUserAdd function. This affects Tenda F453 routers running firmware version 1.0.0.3/3.As. Attackers can exploit this without authentication to potentially take full control of affected devices.

📋 TL;DR

A stack-based buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code by manipulating the username/opttype arguments in the fromPptpUserAdd function. This affects Tenda F453 routers running firmware version 1.0.0.3/3.As. Attackers can exploit this without authentication to potentially take full control of affected devices.

💻 Affected Systems

Products:

Tenda F453

Versions: 1.0.0.3/3.As

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the PPTPDClient functionality. Devices with PPTP client enabled may be more exposed.

📦 What is this software?

F453 Firmware by Tenda

View all CVEs affecting F453 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, lateral movement to internal networks, persistent backdoor installation, and data exfiltration.

🟠

Likely Case

Remote code execution resulting in device takeover, botnet enrollment, or denial of service.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and public exploits exist.

🏢 Internal Only: HIGH - Even internally, the vulnerability requires no authentication and could be exploited by compromised internal hosts.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code is available in GitHub repositories. The vulnerability requires no authentication and has straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. If available, download the latest firmware. 3. Log into router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply the new firmware. 6. Reboot the router.

🔧 Temporary Workarounds

Disable PPTP Client

all

Disable the PPTP client functionality if not required.

Network Segmentation

all

Isolate affected routers in separate network segments with strict firewall rules.

🧯 If You Can't Patch

Implement strict network access controls to limit inbound connections to router management interfaces
Monitor for exploitation attempts using network IDS/IPS signatures and log analysis

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin interface. If version is 1.0.0.3 or 3.As, device is vulnerable.

Check Version:

Login to router admin interface and check System Status or Firmware Version page.

Verify Fix Applied:

After updating firmware, verify the version number has changed from 1.0.0.3/3.As.

📡 Detection & Monitoring

Log Indicators:

Unusual PPTP connection attempts
Multiple failed authentication attempts to PPTP service
Unexpected process execution on router

Network Indicators:

Unusual traffic to router port 1723 (PPTP)
Suspicious payloads in PPTP protocol packets
Outbound connections from router to unknown destinations

SIEM Query:

source="router_logs" AND ("PPTP" OR "fromPptpUserAdd") AND ("overflow" OR "crash" OR "unusual")

📊 Metadata

CVE ID: CVE-2026-3729

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

Published: March 8, 2026

Last Updated: March 9, 2026

🔗 References

https://github.com/Litengzheng/vul_db/blob/main/F453/vul_98/README.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.349707 Permissions Required,VDB Entry
https://vuldb.com/?id.349707 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.766934 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-3729, you might also want to check these: