EUVD-2026-19081CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Tags
Description
A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulation of the argument policyType can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.
Analysis
Buffer overflow in Tenda M3 router firmware 1.0.0.10 allows authenticated remote attackers to achieve code execution via the setAdvPolicyData endpoint. The vulnerability resides in the Destination Handler component's policyType parameter processing. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all Tenda M3 routers running firmware 1.0.0.10 across the network using asset inventory tools. Within 7 days: Restrict network access to the affected routers' management interfaces to authorized administrative personnel only; implement network segmentation to isolate routers from critical assets. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today