CVE-2026-3803
Stack-Based Buffer Overflow in Tenda i3 WifiMacFilterGet
Publication date: 2026-03-09
Last updated on: 2026-03-09
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | i3_firmware | 1.0.0.6(2204) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-3803 is a stack-based buffer overflow vulnerability found in the Tenda i3 router firmware version 1.0.0.6(2204). It specifically affects the function formWifiMacFilterGet, accessible via the /goform/WifiMacFilterGet HTTP POST endpoint.'}, {'type': 'paragraph', 'content': 'The vulnerability arises because the "index" parameter in the POST request is not properly validated for length, allowing an attacker to send an excessively long string that overflows the buffer on the stack.'}, {'type': 'paragraph', 'content': 'This overflow can lead to arbitrary code execution or denial of service on the affected device. The attack can be initiated remotely over the network without requiring local access.'}] [1, 2, 3]
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': 'Exploitation of this vulnerability can lead to serious impacts including denial of service (DoS) and potentially arbitrary code execution on the affected Tenda i3 router.'}, {'type': 'paragraph', 'content': "An attacker can remotely send a crafted HTTP POST request to overflow the buffer, which may allow them to disrupt the router's normal operation or take control of the device."}, {'type': 'paragraph', 'content': 'This compromises the confidentiality, integrity, and availability of the device, potentially affecting the security of the network it manages.'}] [1, 2, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for HTTP POST requests to the endpoint /goform/WifiMacFilterGet that contain an unusually long or malformed "index" parameter. Such requests may indicate attempts to exploit the stack-based buffer overflow.'}, {'type': 'paragraph', 'content': 'A practical detection method is to capture and analyze network traffic targeting the Tenda i3 router, specifically looking for POST requests with the "index" parameter exceeding normal length.'}, {'type': 'list_item', 'content': 'Use a network packet capture tool like tcpdump or Wireshark to filter HTTP POST requests to /goform/WifiMacFilterGet.'}, {'type': 'list_item', 'content': "Example tcpdump command to capture relevant traffic: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -i 'POST /goform/WifiMacFilterGet'"}, {'type': 'list_item', 'content': 'Inspect captured POST requests for the "index" parameter with abnormally large values.'}, {'type': 'paragraph', 'content': 'Additionally, reviewing web server logs on the affected device (if accessible) for POST requests to /goform/WifiMacFilterGet with suspiciously large "index" parameters can help detect exploitation attempts.'}] [1, 2, 3]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Currently, no known mitigations or patches are available for this vulnerability in the affected Tenda i3 firmware version 1.0.0.6(2204).'}, {'type': 'paragraph', 'content': 'Immediate steps to mitigate the risk include:'}, {'type': 'list_item', 'content': 'Restrict network access to the affected device, especially blocking external HTTP POST requests to the /goform/WifiMacFilterGet endpoint.'}, {'type': 'list_item', 'content': "Implement firewall rules to limit access to the router's management interface only to trusted hosts."}, {'type': 'list_item', 'content': 'Monitor network traffic and device logs for suspicious POST requests targeting the vulnerable endpoint.'}, {'type': 'list_item', 'content': 'Consider replacing the affected device with an alternative product not vulnerable to this issue.'}] [3]