CVE-2026-3732

Name of the Vulnerable Software and Affected Versions Tenda F453 version 1.0.0.3

Description A stack-based buffer overflow exists in the strcpy function within the /goform/exeCommand file of the Tenda F453 router. The issue is triggered by manipulating the cmdinput argument, potentially allowing for remote code execution and device takeover. The exploit for this issue has been publicly disclosed. The vulnerability affects the network-accessible management interface and can be exploited remotely with a crafted cmdinput parameter.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /goform/exeCommand endpoint to minimize the risk of exploitation.