I3 Firmware
CVE-2026-3804
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
AnalysisAI
Remote code execution in Tenda i3 1.0.0.6(2204) firmware allows unauthenticated attackers to achieve full system compromise through a stack-based buffer overflow in the WifiMacFilterSet function. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available, requiring immediate mitigation through network segmentation or device isolation.
Technical ContextAI
Classified as CWE-119 (Buffer Overflow). Affects I3 Firmware. A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
RemediationAI
Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.
More in I3 Firmware
View allStack-based buffer overflow in Tenda i3 1.0.0.6(2204) firmware allows authenticated remote attackers to achieve complete
Remote code execution in Tenda i3 firmware versions up to 1.0.0.6(2204) via stack-based buffer overflow in the WiFi MAC
Stack-based buffer overflow in Tenda i3 1.0.0.6(2204) firmware allows authenticated remote attackers to achieve code exe
Stack overflow in Tenda i3 firmware version 1.0.0.6(2204) allows authenticated remote attackers to achieve full system c
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Rated medium severity (CVSS 5.
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the a
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today