CVE-2026-5021

Name of the Vulnerable Software and Affected Versions Tenda F453 version 1.0.0.3

Description A flaw exists in the Tenda F453 device. The issue is a stack-based buffer overflow within the fromPPTPUserSetting function, located in the /goform/PPTPUserSetting file of the httpd component. Manipulation of the delno argument causes this overflow. Remote exploitation is possible.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the PPTP service to minimize the risk of exploitation.