Tenda W3
CVE-2026-36792
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionNVD
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formWifiRadioSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
AnalysisAI
Denial of service in Tenda W3 Wireless Router firmware v1.0.0.3(2204) allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request containing a malicious wl_radio parameter to the formWifiRadioSet function. EPSS scoring (0.01%, 2nd percentile) indicates very low real-world exploitation probability, and no public exploit identified at time of analysis beyond a research repository referencing the vulnerable function.
Technical ContextAI
The vulnerability resides in the formWifiRadioSet handler within the web management interface of the Tenda W3 consumer wireless router, a SOHO device commonly deployed at network edges. The flaw is classified as CWE-121 (Stack-based Buffer Overflow), meaning that user-controlled input passed to the wl_radio HTTP parameter is copied onto a fixed-size stack buffer without bounds checking, corrupting the stack frame. Tenda's web management daemon (httpd) is written in C and reuses a code pattern shared across many of its routers, where formXxx() handler functions process POST parameters via unsafe string operations such as strcpy/sprintf, which has historically led to similar stack overflows in the Tenda product line.
RemediationAI
No vendor-released patch identified at time of analysis; Tenda has not published an advisory or fixed firmware version in the referenced intelligence, so monitor https://www.tendacn.com for a firmware update superseding v1.0.0.3(2204). As compensating controls, disable WAN-side remote web management (typically labeled 'Remote Web Management' or 'Remote Management' in the admin UI) to prevent internet-based exploitation, restrict LAN-side access to the router's HTTP/HTTPS admin interface via firewall ACLs or VLAN segmentation so only trusted management hosts can reach it, and where the W3 is deployed in a sensitive role, plan replacement with a supported device since end-of-life Tenda consumer routers typically receive no further security updates. The trade-off of disabling remote management is loss of off-LAN administration; restricting admin access by VLAN may complicate legitimate remote support workflows.
Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deseriali
Unauthenticated remote OS command injection in MeiG Smart FORGE_SLT711 cellular gateway firmware MDM9607.LE.1.0-00110-ST
Unauthenticated API access in LalanaChami Pharmacy Management System (commit 5c3d028) allows remote attackers to dump al
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o
Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when
Denial of service in GPAC's MP4Box multimedia tool (versions before 26.02.0) arises from a use-after-free in the gf_sei_
Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to acc
Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by s
An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library) at commit 61f42d allows attackers to crash a process by ge
An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library implementation, commit 61f42d) lets attackers crash a proce
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Stack Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today