LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-5021

CVE-2026-5021 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 29, 2026

Tenda F453 - Buffer Overflow

Published: March 29, 2026Updated: March 29, 2026Remote Exploitable

Overview

Tenda F453 1.0.0.3 contains a stack-based buffer overflow caused by manipulation of the "delno" argument in /goform/PPTPUserSetting httpd component, letting remote attackers execute arbitrary code, exploit requires crafted request.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary code, potentially leading to full system compromise.

Mitigation

Update to the latest version.

References

Social Media Activity(4 posts)

Offensive Sequence
Offensive Sequence
@offseq
Mar 29, 2026

šŸ”Ž HIGH: CVE-2026-5021 in Tenda F453 v1.0.0.3 enables remote stack buffer overflow via /goform/PPTPUserSetting ā€” no auth needed! PoC is public; patch/mitigate now to block total device compromise. https://radar.offseq.com/threat/cve-2026-5021-stack-based-buffer-overflow-in-tenda-f1fb8811 #OffSeq #CVE20265021 #Infosec #Router

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 29, 2026

šŸŸ  CVE-2026-5021 - High (8.8) A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This manipulation of the argument delno causes stack-based buffer overflow. Remote exploitation ... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-5021/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
Offensive Sequence
Offensive Sequence
@offseq
Mar 29, 2026

šŸ”Ž HIGH: CVE-2026-5021 in Tenda F453 v1.0.0.3 enables remote stack buffer overflow via /goform/PPTPUserSetting ā€” no auth needed! PoC is public; patch/mitigate now to block total device compromise. https://radar.offseq.com/threat/cve-2026-5021-stack-based-buffer-overflow-in-tenda-f1fb8811 #OffSeq #CVE20265021 #Infosec #Router

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 29, 2026

šŸŸ  CVE-2026-5021 - High (8.8) A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This manipulation of the argument delno causes stack-based buffer overflow. Remote exploitation ... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-5021/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-5021
Severity
High
CVSS Score
8.8
Type
buffer_overflow
Status
new
EPSS
0.0%
Social Posts
4

CWE

  • CWE-119

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.0%Probability of exploitation in the next 30 days