CVE-2026-3167
Remote Buffer Overflow in Tenda F453 httpd Component
Publication date: 2026-02-25
Last updated on: 2026-02-25
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | f453_firmware | 1.0.0.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3167 is a critical buffer overflow vulnerability found in the Tenda F453 router, version 1.0.0.3. The flaw exists in the function formWebTypeLibrary within the /goform/webtypelibrary endpoint of the httpd component.
The vulnerability arises from improper handling of the webSiteId argument, where the input buffer is copied to an output buffer without verifying that the input size is smaller than the output buffer size, leading to a classic buffer overflow condition (CWE-120).
This flaw can be exploited remotely without authentication, making it highly severe and allowing attackers to potentially execute arbitrary code or cause denial of service.
How can this vulnerability impact me? :
This vulnerability can impact you by compromising the confidentiality, integrity, and availability of the affected device.
- An attacker can remotely exploit the buffer overflow to execute arbitrary code.
- It can lead to denial of service, making the device unusable.
- Since the exploit is publicly available and requires no authentication, the risk of attack is high.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability exists in the Tenda F453 router version 1.0.0.3, specifically in the /goform/webtypelibrary endpoint of the httpd component, where the webSiteId argument can be manipulated to cause a buffer overflow.'}, {'type': 'paragraph', 'content': 'Detection can involve monitoring network traffic for suspicious requests targeting the /goform/webtypelibrary endpoint with unusually large or malformed webSiteId parameters.'}, {'type': 'paragraph', 'content': 'Since the exploit is publicly available, you can use tools like curl or wget to send crafted requests to the vulnerable endpoint to test if the device is exploitable.'}, {'type': 'list_item', 'content': 'Example command to test the endpoint (replace <router_ip>):\ncurl -v "http://<router_ip>/goform/webtypelibrary" -d "webSiteId=$(python3 -c \'print("A"*1000)\')"'}, {'type': 'list_item', 'content': 'Alternatively, use network monitoring tools (e.g., Wireshark) to detect abnormal POST requests to /goform/webtypelibrary.'}] [1, 3]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'There are no known mitigations or countermeasures currently identified for this vulnerability.'}, {'type': 'paragraph', 'content': 'The recommended immediate step is to replace the affected product or update the firmware if a patch becomes available.'}, {'type': 'paragraph', 'content': "In the meantime, restrict remote access to the router's management interface to trusted networks only, and monitor for suspicious activity targeting the /goform/webtypelibrary endpoint."}] [1]