Executive Summary

CVE-2026-3165 is a critical buffer overflow vulnerability found in the Tenda F453 router firmware version 1.0.0.3. It exists in the function fromSetWifiGusetBasic within the /goform/AdvSetWrlsafeset endpoint of the httpd component.

The vulnerability arises because the argument mit_ssid is improperly handled: the input buffer is copied to an output buffer without verifying that the input size is smaller than the output buffer size. This causes a buffer overflow condition.

This flaw can be exploited remotely without authentication, potentially allowing an attacker to execute arbitrary code or cause a denial of service on the device.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability impacts the confidentiality, integrity, and availability of the affected Tenda F453 router device.

• An attacker can remotely exploit the buffer overflow to execute arbitrary code on the device.
• It can lead to denial of service, making the device unavailable.
• Since exploitation requires no authentication and can be done remotely, it poses a significant security risk.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability affects the Tenda F453 router firmware version 1.0.0.3 and is located in the /goform/AdvSetWrlsafeset endpoint of the httpd component, specifically in the fromSetWifiGusetBasic function. Detection can involve monitoring for unusual or malformed HTTP requests targeting this endpoint, especially those manipulating the mit_ssid argument.'}, {'type': 'paragraph', 'content': 'Since the exploit is publicly available and targets a specific HTTP endpoint, network detection can be done by capturing and analyzing HTTP traffic for suspicious POST requests to /goform/AdvSetWrlsafeset with unusually large or malformed mit_ssid parameters.'}, {'type': 'paragraph', 'content': 'Suggested commands for detection include using network traffic analysis tools such as tcpdump or Wireshark to filter HTTP requests to the vulnerable endpoint. For example:'}, {'type': 'list_item', 'content': "tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/AdvSetWrlsafeset'"}, {'type': 'list_item', 'content': 'Using curl or similar tools to test the endpoint with crafted mit_ssid parameters to check for abnormal responses or crashes.'}, {'type': 'paragraph', 'content': 'Additionally, reviewing router logs for crashes or abnormal behavior related to the httpd service may help identify exploitation attempts.'}] [1, 2]

Useful 0 Not Useful 0

Mitigation Strategies

[{'type': 'paragraph', 'content': 'There are no known published mitigations or patches for this vulnerability as of the disclosure date.'}, {'type': 'paragraph', 'content': 'The recommended immediate mitigation is to replace the affected Tenda F453 router firmware version 1.0.0.3 with a secure version if available, or to replace the device entirely to avoid risk.'}, {'type': 'paragraph', 'content': "In the meantime, restricting remote access to the router's management interface, especially blocking access to the /goform/AdvSetWrlsafeset endpoint, can reduce the risk of exploitation."}, {'type': 'paragraph', 'content': 'Monitoring network traffic for exploitation attempts and disabling remote management features if not needed are also advisable.'}] [2]

Useful 0 Not Useful 0