CVE-2026-3272Improper Restriction of Operations within the Bounds of a Memory Buffer in F453

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow3 documents3 sources
Severity
7.4HIGHNVD
EPSS
0.1%
top 74.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda F453Tenda F453 Firmware
Timeline
PublishedFeb 27

Description

A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5tenda/f4531.0.0.3
NVDtenda/f453_firmware1.0.0.3

🔴Vulnerability Details

2
CVEList
Tenda F453 httpd DhcpListClient fromDhcpListClient buffer overflow2026-02-27
GHSA
GHSA-pf83-65gp-c24p: A vulnerability was determined in Tenda F453 12026-02-27
CVE-2026-3272 — Tenda F453 vulnerability | cvebase