CVE-2026-4007
Received Received - Intake
Stack-Based Buffer Overflow in Tenda W3 POST Parameter Handler

Publication date: 2026-03-12

Last updated on: 2026-04-02

Assigner: VulDB

Description
A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-12
Last Modified
2026-04-02
Generated
2026-06-16
AI Q&A
2026-03-12
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4007
EUVD
EUVD-2026-11538
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tenda w3_firmware 1.0.0.3(2204)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

Exploitation of this vulnerability can lead to denial of service by crashing the httpd process on the affected router.

More critically, it may allow an attacker to execute arbitrary code remotely on the device, potentially compromising the confidentiality, integrity, and availability of the router.

This could result in unauthorized control over the device, disruption of network services, or further attacks on connected systems.

Compliance Impact

I don't know

Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-4007 is a stack-based buffer overflow vulnerability found in the Tenda W3 router, version 1.0.0.3(2204). It occurs in the POST parameter handler for the endpoint /goform/wifiSSIDget, specifically involving improper handling of the "index" parameter.'}, {'type': 'paragraph', 'content': 'When an attacker sends a POST request with an excessively long "index" value, it overflows a fixed-size buffer on the stack, causing stack corruption. This can lead to the crash of the httpd process or potentially allow arbitrary code execution on the device.'}, {'type': 'paragraph', 'content': 'The vulnerability can be exploited remotely without requiring authentication or physical access, making it highly severe.'}] [1, 2, 3]

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for suspicious POST requests to the endpoint /goform/wifiSSIDget with an unusually large or malformed "index" parameter, which triggers the stack-based buffer overflow.'}, {'type': 'paragraph', 'content': 'A practical detection method is to capture and analyze HTTP POST traffic targeting the /goform/wifiSSIDget endpoint on the Tenda W3 router version 1.0.0.3(2204).'}, {'type': 'list_item', 'content': 'Use network packet capture tools like tcpdump or Wireshark to filter POST requests to /goform/wifiSSIDget.'}, {'type': 'list_item', 'content': "Example tcpdump command to capture relevant traffic: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -i 'POST /goform/wifiSSIDget'"}, {'type': 'list_item', 'content': 'Inspect the POST data for the "index" parameter and check if it contains an excessively long string that could cause buffer overflow.'}, {'type': 'paragraph', 'content': 'Additionally, monitoring for crashes or restarts of the httpd process on the device may indicate exploitation attempts.'}] [1, 2, 3]

Mitigation Strategies

Immediate mitigation steps include avoiding exposure of the vulnerable Tenda W3 router firmware version 1.0.0.3(2204) to untrusted networks, especially the internet.

Since no known patches or mitigations have been published, it is recommended to restrict access to the /goform/wifiSSIDget endpoint by implementing firewall rules or network segmentation.

  • Block incoming POST requests to /goform/wifiSSIDget from untrusted sources.
  • Monitor the device for unusual behavior such as httpd crashes or reboots.

Ultimately, replacing the affected device or upgrading to a firmware version without this vulnerability is advised to fully mitigate the risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4007. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart