CVE-2026-36772
Deferred Deferred - Pending Action

Stack Overflow in Tenda W3 Wireless Router

Publication date: 2026-06-09

Last updated on: 2026-06-10

Assigner: MITRE

Description
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-09
Last Modified
2026-06-10
Generated
2026-06-30
AI Q&A
2026-06-09
EPSS Evaluated
2026-06-28
NVD
CVE-2026-36772

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
shenzhen_tenda_technology_co_ltd tenda_w3_wireless_router 1.0.0.3
tenda w3 to 1.0.0.3 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-36772 is a stack-based buffer overflow vulnerability in the Tenda W3 Wireless Router firmware version 1.0.0.3(2204). It occurs in the formwrlSSIDget CGI handler due to improper handling of the user-controlled parameters wl_radio and index.

Specifically, the index parameter is inserted into a fixed-size stack buffer using sprintf without validating its length. When an attacker sends a crafted HTTP request with wl_radio set to "0" and an excessively long index value, this causes a buffer overflow.

This overflow can lead to a Denial of Service (DoS) by crashing or rebooting the device, and potentially allows arbitrary code execution.

Impact Analysis

This vulnerability can impact you by causing a Denial of Service (DoS) on the affected Tenda W3 Wireless Router, making the device crash or reboot unexpectedly.

Additionally, there is a potential risk of arbitrary code execution, which could allow an attacker to take control of the router or disrupt its normal operation.

Detection Guidance

This vulnerability can be detected by sending a crafted HTTP request to the formwrlSSIDget CGI endpoint on the Tenda W3 Wireless Router firmware version 1.0.0.3(2204). Specifically, the request should include the parameter wl_radio set to "0" and an excessively long index value to test for the stack-based buffer overflow.

A detection command example using curl might be:

  • curl -X GET "http://<router-ip>/formwrlSSIDget?wl_radio=0&index=$(python3 -c 'print("A"*500)')"

If the router crashes, reboots, or behaves abnormally after this request, it indicates the presence of the vulnerability.

Mitigation Strategies

To mitigate the CVE-2026-36772 vulnerability, immediately restrict or block access to the formwrlSSIDget CGI endpoint on the Tenda W3 Wireless Router to prevent attackers from sending crafted HTTP requests with malicious wl_radio and index parameters.

Additionally, monitor network traffic for suspicious requests targeting the formwrlSSIDget endpoint, especially those with unusually long index parameter values.

If possible, update the router firmware to a version that patches this stack overflow vulnerability once it becomes available from the vendor.

Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-36772 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36772. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart