CVE-2026-3380
Buffer Overflow in Tenda F453 /goform/L7Im Enables Remote Attack
Publication date: 2026-03-01
Last updated on: 2026-03-03
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | f453_firmware | 1.0.0.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-3380 is a critical buffer overflow vulnerability found in the Tenda F453 router, version 1.0.0.3. The flaw exists in the function frmL7ImForm within the /goform/L7Im endpoint. It occurs because the argument 'page' is improperly handled, where input data is copied to an output buffer without verifying that the input size fits, leading to a buffer overflow condition."}, {'type': 'paragraph', 'content': 'This vulnerability can be exploited remotely without requiring local or physical access, making it easier for attackers to launch attacks from afar.'}] [2, 3]
How can this vulnerability impact me? :
Exploitation of this vulnerability can compromise the confidentiality, integrity, and availability of the affected device.
- Remote attackers can execute arbitrary code or cause denial of service by triggering the buffer overflow.
- The routerβs web interface can be manipulated, potentially allowing attackers to take control or disrupt network operations.
Because the exploit is publicly available and easy to use, the risk of attack is significant.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "The vulnerability affects the Tenda F453 router firmware version 1.0.0.3, specifically the /goform/L7Im endpoint with the 'page' argument causing a buffer overflow. Detection would involve checking for attempts to access or manipulate this endpoint with unusual or oversized 'page' parameters."}, {'type': 'paragraph', 'content': "Since the exploit is publicly available, network monitoring tools can be configured to detect HTTP requests targeting /goform/L7Im with suspicious payloads in the 'page' argument."}, {'type': 'paragraph', 'content': 'No explicit detection commands are provided in the resources. However, a possible approach is to use network traffic inspection tools like tcpdump or Wireshark to filter HTTP requests to the vulnerable endpoint, for example:'}, {'type': 'list_item', 'content': "tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/L7Im'"}, {'type': 'list_item', 'content': "Or use curl or wget to test the endpoint manually by sending crafted requests to /goform/L7Im with varying 'page' parameters to observe abnormal behavior or crashes."}] [2, 3]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'No known mitigations or countermeasures have been identified for this vulnerability.'}, {'type': 'paragraph', 'content': 'The recommended immediate step is to replace the affected Tenda F453 router running firmware version 1.0.0.3 with an alternative device or firmware version that is not vulnerable.'}, {'type': 'paragraph', 'content': "Additionally, restricting remote access to the router's web interface and monitoring for suspicious activity targeting the /goform/L7Im endpoint may reduce exposure."}] [2]