CVE-2026-3729 identifies a critical stack-based buffer overflow vulnerability in Tenda F453 router firmware versions 1.0.0.3 and 3.As. The flaw resides in the fromPptpUserAdd function of the /goform/PPTPDClient component, which processes PPTP VPN client user additions. Specifically, the vulnerability arises from improper validation and handling of the username and opttype parameters passed to this function, allowing an attacker to craft malicious input that overflows the stack buffer. This overflow can overwrite adjacent memory, potentially enabling remote code execution with elevated privileges on the device. The attack vector is remote network access to the vulnerable endpoint, requiring no authentication or user interaction, which significantly lowers the barrier for exploitation. The CVSS 4.0 base score is 8.7 (high), reflecting the ease of exploitation and the severe impact on confidentiality, integrity, and availability. Although no active exploitation has been reported, a public exploit exists, increasing the urgency for mitigation. The vulnerability affects core router functionality, potentially allowing attackers to disrupt network operations, intercept or manipulate traffic, or establish persistent footholds within affected networks. No official patches or updates have been linked yet, so mitigation may require network-level controls or device replacement until a fix is available.

The impact of CVE-2026-3729 is significant for organizations using Tenda F453 routers, especially those relying on PPTP VPN functionality. Successful exploitation can lead to arbitrary code execution on the router with elevated privileges, compromising device integrity and control. This can result in network disruption, interception or manipulation of sensitive data, unauthorized access to internal networks, and potential lateral movement to other systems. The vulnerability threatens confidentiality by exposing VPN credentials or traffic, integrity by allowing malicious configuration changes, and availability by causing device crashes or denial of service. Given the remote, unauthenticated exploit vector and public exploit availability, attackers ranging from cybercriminals to nation-state actors could leverage this flaw to target enterprises, ISPs, or critical infrastructure providers. The widespread use of Tenda routers in residential, small business, and some enterprise environments globally increases the scope of potential impact. Without timely mitigation, affected organizations face elevated risks of network compromise, data breaches, and operational disruptions.

To mitigate CVE-2026-3729, organizations should first verify if their Tenda F453 devices run the vulnerable firmware versions 1.0.0.3 or 3.As. Since no official patches are currently linked, immediate steps include disabling PPTP VPN functionality if not required, as this reduces the attack surface. Network-level protections such as firewall rules should be implemented to restrict external access to the /goform/PPTPDClient endpoint, ideally limiting it to trusted management networks. Intrusion detection/prevention systems (IDS/IPS) should be updated to detect exploit attempts targeting this vulnerability. Monitoring network traffic for anomalous requests to the vulnerable endpoint can provide early warning of exploitation attempts. Where possible, replace affected devices with models from vendors with active security support and patch management. Additionally, organizations should maintain rigorous network segmentation to limit the impact of compromised devices and enforce strong authentication and encryption for VPN services to reduce reliance on vulnerable protocols like PPTP. Finally, stay alert for vendor advisories and apply firmware updates promptly once available.