CVE-2026-3976
Stack-Based Buffer Overflow in Tenda W3 Remote POST Handler
Publication date: 2026-03-12
Last updated on: 2026-04-02
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | w3_firmware | 1.0.0.3(2204) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-3976 is a stack-based buffer overflow vulnerability in the Tenda W3 router firmware version 1.0.0.3(2204). It exists in the function formWifiMacFilterSet, which handles POST requests at the /goform/WifiMacFilterSet endpoint.'}, {'type': 'paragraph', 'content': 'The vulnerability arises because the POST parameters "index" and "GO" are copied into fixed-size buffers on the stack without proper length validation. An attacker can send an excessively long value in these parameters, causing a stack buffer overflow.'}, {'type': 'paragraph', 'content': 'This overflow can corrupt the stack, potentially leading to device crashes or allowing an attacker to execute arbitrary code remotely.'}] [1, 2, 3, 4, 5]
How can this vulnerability impact me? :
This vulnerability can have serious impacts on the affected Tenda W3 router devices.
- An attacker can remotely exploit the vulnerability without authentication.
- Exploitation can cause the device to crash, resulting in denial of service.
- More critically, an attacker may execute arbitrary code on the device, potentially gaining control over it.
- This compromises the confidentiality, integrity, and availability of the device and its network.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring or testing the /goform/WifiMacFilterSet endpoint on the Tenda W3 router firmware version 1.0.0.3(2204). Specifically, sending crafted POST requests with excessively long values in the "index" or "GO" parameters can trigger the stack-based buffer overflow.'}, {'type': 'paragraph', 'content': 'A detection method involves sending a POST request to the vulnerable endpoint with a large payload in the "index" or "GO" parameter and observing if the device crashes or behaves abnormally, indicating the presence of the vulnerability.'}, {'type': 'list_item', 'content': 'Example command using curl to test the "index" parameter (proof of concept):'}, {'type': 'paragraph', 'content': 'curl -X POST http://[router_ip]/goform/WifiMacFilterSet -d "index=$(python3 -c \'print("A"*1000)\')"'}, {'type': 'list_item', 'content': 'Example command using curl to test the "GO" parameter:'}, {'type': 'paragraph', 'content': 'curl -X POST http://[router_ip]/goform/WifiMacFilterSet -d "GO=$(python3 -c \'print("A"*1000)\')"'}, {'type': 'paragraph', 'content': 'If the device crashes, reboots, or shows signs of instability after these requests, it indicates the vulnerability is present.'}] [2, 3, 5]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'There are no known countermeasures or official patches currently available for this vulnerability.'}, {'type': 'paragraph', 'content': 'The recommended immediate mitigation is to replace the affected Tenda W3 router version 1.0.0.3(2204) with an alternative device that is not vulnerable.'}, {'type': 'paragraph', 'content': "Additionally, restricting remote access to the router's management interface and monitoring network traffic for suspicious POST requests to /goform/WifiMacFilterSet can help reduce exposure."}] [4]