Home / Vulnerability Intelligence / CVE-2026-3398

CVE-2026-3398 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 3, 2026

Tenda F453 - Buffer Overflow

Published: March 1, 2026Updated: March 3, 2026PoC AvailableRemote Exploitable

Overview

Tenda F453 1.0.0.3 contains a buffer overflow caused by manipulation of the wanmode/PPPOEPassword argument in /goform/AdvSetWan httpd component, letting remote attackers cause memory corruption, exploit requires crafted request.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 4.6%(Probability of exploitation in next 30 days)

Impact

Remote attackers can cause memory corruption leading to potential remote code execution or system crash.

Mitigation

Update to the latest version or apply vendor patches addressing this vulnerability.

References

Social Media Activity(2 posts)

Offensive Sequence

@offseq

Mar 2, 2026

🔎 HIGH severity: Tenda F453 v1.0.0.3 vulnerable to remote buffer overflow (CVE-2026-3398) via /goform/AdvSetWan. Exploit public, RCE possible with no auth. Disable remote admin & monitor for exploits. Patch ASAP. https://radar.offseq.com/threat/cve-2026-3398-buffer-overflow-in-tenda-f453-735bc013 #OffSeq #Vuln #RouterSec

View original post

TheHackerWire

@thehackerwire

Mar 1, 2026

🟠 CVE-2026-3398 - High (8.8) A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. Executing a manipulation of the argument wanmode/PPPOEPassword can lead to buffer overflow. The atta... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3398/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-3398
Severity: High
CVSS Score: 8.8
Type: buffer_overflow
Status: confirmed
EPSS: 4.6%
Social Posts: 2

CWE

CWE-119

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.6%Probability of exploitation in the next 30 days