CVE-2026-3728
Stack-Based Buffer Overflow in Tenda F453 /goform/setcfm
Publication date: 2026-03-08
Last updated on: 2026-03-09
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | f453_firmware | 1.0.0.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-3728 is a stack-based buffer overflow vulnerability found in the Tenda F453 router, version 1.0.0.3/1.If. It occurs in the function fromSetCfm within the file /goform/setcfm, which processes user-supplied parameters funcname and funcpara1.'}, {'type': 'paragraph', 'content': 'When the parameter funcpara1 equals "save_list_data", a variable is passed to a sub-function without any length validation. This variable is then used as an argument to sprintf, which writes data into a stack buffer without bounds checking, causing a stack-based buffer overflow.'}, {'type': 'paragraph', 'content': 'This flaw allows an attacker to remotely send a crafted HTTP POST request to the affected endpoint, potentially triggering denial of service or remote code execution on the device.'}] [1, 2, 3]
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to denial of service or remote code execution on the affected Tenda F453 router.
An attacker can remotely send a specially crafted request to the device, causing it to crash or allowing the attacker to execute arbitrary code with the privileges of the HTTP daemon.
This compromises the confidentiality, integrity, and availability of the device, potentially allowing unauthorized control or disruption of network services.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for suspicious HTTP POST requests sent to the /goform/setcfm endpoint, specifically those containing the parameters funcname and funcpara1.'}, {'type': 'paragraph', 'content': 'An attacker exploits the vulnerability by sending a crafted POST request with an excessively long or malicious payload in the funcpara1 parameter, especially when funcpara1 equals "save_list_data".'}, {'type': 'paragraph', 'content': 'To detect potential exploitation attempts, you can use network monitoring or intrusion detection system (IDS) rules to look for POST requests to /goform/setcfm with unusually large or suspicious funcpara1 values.'}, {'type': 'list_item', 'content': 'Use tools like tcpdump or Wireshark to capture HTTP traffic and filter for POST requests to /goform/setcfm.'}, {'type': 'list_item', 'content': "Example tcpdump command: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/setcfm'"}, {'type': 'list_item', 'content': "Use curl or similar tools to test the endpoint manually by sending crafted POST requests with varying funcpara1 values to observe the device's response."}] [1, 2, 3]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'No official patch or fix has been provided by the vendor for this vulnerability.'}, {'type': 'paragraph', 'content': 'Immediate mitigation steps include replacing the affected Tenda F453 router running firmware version 1.0.0.3/1.If with an alternative product that is not vulnerable.'}, {'type': 'paragraph', 'content': "Additionally, you should restrict network access to the device's management interface, especially blocking external access to the /goform/setcfm endpoint to prevent remote exploitation."}, {'type': 'paragraph', 'content': 'Implement network-level protections such as firewall rules or intrusion prevention systems to detect and block malicious POST requests targeting this vulnerability.'}] [3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know