Home / Vulnerability Intelligence / CVE-2026-3399

CVE-2026-3399 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 3, 2026

Tenda F453 - Buffer Overflow

Published: March 1, 2026Updated: March 3, 2026PoC AvailableRemote Exploitable

Overview

Tenda F453 1.0.0.3 contains a buffer overflow caused by manipulation of the "dips" argument in /goform/GstDhcpSetSer httpd component, letting remote attackers cause memory corruption, exploit requires crafted request.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 4.6%(Probability of exploitation in next 30 days)

Impact

Remote attackers can cause memory corruption, potentially leading to denial of service or code execution.

Mitigation

Update to the latest available version.

References

Social Media Activity(2 posts)

Offensive Sequence

@offseq

Mar 2, 2026

🚨 HIGH severity: CVE-2026-3399 impacts Tenda F453 (v1.0.0.3) via buffer overflow in httpd's fromGstDhcpSetSer. Remotely exploitable, public exploit available. Patch or mitigate now to prevent device takeover! https://radar.offseq.com/threat/cve-2026-3399-buffer-overflow-in-tenda-f453-2372f90c #OffSeq #Vuln #Infosec #Router

View original post

TheHackerWire

@thehackerwire

Mar 1, 2026

🟠 CVE-2026-3399 - High (8.8) A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the argument dips leads to buffer overflow. The at... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3399/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-3399
Severity: High
CVSS Score: 8.8
Type: buffer_overflow
Status: confirmed
EPSS: 4.6%
Social Posts: 2

CWE

CWE-119

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.6%Probability of exploitation in the next 30 days