WRITEUP

WRITEUP

Exploit for CVE-2026-3271 - Tenda F453 1.0.0.3 - Buffer Overflow

AI Analysis

Technical analysis of a stack-based buffer overflow in Tenda F453 V1.0.0.3's `httpd` via the `fromP2pListFilter` function, where the `page` parameter is passed to `sprintf` without length checks, enabling DoS or RCE. Includes PoC request demonstrating the overflow.

Attack Type

RCE | DoS

Complexity

moderate

Reliability

reliable

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution T1499 - Endpoint Denial of Service

Loading exploit code...

Download ZIP Password: eip

Source

Platform Writeup

Files 1

https://github.com/Litengzheng/vul_db/blob/main/F453/vul_70/README.md

Authors

Li Tengzheng

Vulnerability

CVE-2026-3271

Tenda F453 1.0.0.3 - Buffer Overflow

HIGH

CVSS 8.8