CVE-2026-3732
Remote Stack-Based Buffer Overflow in Tenda F453 /goform/exeCommand
Publication date: 2026-03-08
Last updated on: 2026-03-09
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | f453_firmware | 1.0.0.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3732 is a stack-based buffer overflow vulnerability found in the Tenda F453 router firmware version 1.0.0.3. It occurs in the strcpy function within the /goform/exeCommand endpoint, where the user-supplied parameter cmdinput is copied into a stack buffer without length checks. Because strcpy does not limit the number of bytes copied, this can overflow the buffer on the stack.
This flaw allows an attacker to remotely send a specially crafted request to the vulnerable endpoint, potentially causing a denial of service or enabling arbitrary code execution on the device.
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': "Exploitation of this vulnerability can lead to serious impacts including denial of service (DoS), where the device becomes unavailable, or remote execution of arbitrary code, which can compromise the device's operation."}, {'type': 'paragraph', 'content': 'The vulnerability affects the confidentiality, integrity, and availability of the device, meaning sensitive data could be exposed or altered, and the device could be controlled or disrupted by an attacker.'}, {'type': 'paragraph', 'content': 'Since the exploit can be performed remotely without local access or physical interaction, it poses a significant risk to users of the affected Tenda F453 router.'}] [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for HTTP requests sent to the /goform/exeCommand endpoint of the Tenda F453 router firmware version 1.0.0.3, especially those containing the cmdinput parameter.'}, {'type': 'paragraph', 'content': 'Since the vulnerability involves a stack-based buffer overflow triggered by the cmdinput argument, detection can involve inspecting network traffic for suspicious or unusually long cmdinput parameter values in HTTP requests.'}, {'type': 'paragraph', 'content': 'Commands to detect potential exploitation attempts could include using network packet capture tools like tcpdump or Wireshark to filter HTTP requests to /goform/exeCommand, for example:'}, {'type': 'list_item', 'content': "tcpdump -i <interface> -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/exeCommand'"}, {'type': 'list_item', 'content': 'Using curl or wget to test the endpoint manually by sending crafted requests with cmdinput parameters of varying lengths to observe abnormal behavior or crashes.'}, {'type': 'paragraph', 'content': 'Additionally, reviewing device logs for crashes or abnormal behavior related to the httpd process may help identify exploitation attempts.'}] [1, 2]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': "Immediate mitigation steps include restricting access to the vulnerable /goform/exeCommand endpoint by implementing network-level controls such as firewall rules to block external access to the device's HTTP management interface."}, {'type': 'paragraph', 'content': 'Since no known mitigations or patches are available for this vulnerability, it is recommended to consider replacing the affected Tenda F453 device with a non-vulnerable model.'}, {'type': 'paragraph', 'content': 'Monitoring the device for unusual behavior or crashes and disabling remote management features if possible can also reduce the risk of exploitation.'}] [2]