Tenda F453 1.0.0.3 HTTPD Goform/DhcpListClient Buffer Overflow Vulnerability CVE ID: CVE-2026-3272 Vulnerability Description: Critical buffer overflow vulnerability in the function of the file of the component . CVSS Meta Temp Score: 8.0 Current Exploit Price: $0-$5k CTI Interest Score: 2.77 Summary A vulnerability classified as critical exists in Tenda F453 1.0.0.3. Manipulation of the argument leads to a buffer overflow. The vulnerability is documented as CVE-2026-3272. The attack can be executed remotely and an exploit exists. Details The function in the file of the component is vulnerable to buffer overflow due to improper input validation. The manipulation of the argument with an unknown input leads to a buffer overflow vulnerability. The product copies an input buffer to an output buffer without verifying the size of the input buffer, leading to a buffer overflow. Impacts include potential compromise of confidentiality, integrity, and availability. The vulnerability is associated with CWE-120. Known as CVE-2026-3272, the exploit is available on GitHub and is declared a proof-of-concept. Additional Information The exploit is known to be easy and can be launched remotely. Technical details and a public exploit are known and shared for download on GitHub.