CVE-2026-36773
Deferred - Pending Action
Stack Overflow in Tenda W3 Wireless Router

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: MITRE

Description
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Meta Information
Published: 2026-06-09
Last Modified: 2026-06-09
Generated: 2026-06-10
AI Q&A: 2026-06-09
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
shenzhen_tenda_technology_co_ltd tenda_w3_wireless_router 1.0.0.3
shenzhen_tenda_technology_co_ltd tenda_w3 1.0.0.3
CWE ID: CWE-UNKNOWN
Executive Summary

The vulnerability exists in the Tenda W3 Wireless Router version 1.0.0.3(2204) from Shenzhen Tenda Technology Co., Ltd. It is a stack overflow issue in the Go parameter of the ask_to_reboot function. This flaw allows attackers to send specially crafted input that triggers the overflow.

As a result, the attacker can cause the router to crash or become unresponsive, leading to a Denial of Service (DoS) condition.

Impact Analysis

This vulnerability can impact users by causing a Denial of Service (DoS) on the affected router. An attacker exploiting this flaw can make the router crash or stop functioning properly, disrupting network connectivity and access to internet services.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability can be detected by monitoring for suspicious HTTP requests targeting the ask_to_reboot CGI handler on the Tenda W3 Wireless Router. Specifically, look for HTTP requests containing an excessively long "GO" parameter, which is used to trigger the stack overflow.

A practical detection method is to capture and analyze HTTP traffic to the router's configuration interface and search for unusually long "GO" parameter values in requests to the ask_to_reboot endpoint.

  • Use a network packet capture tool like tcpdump or Wireshark to capture HTTP traffic on the router's management interface.
  • Example tcpdump command to capture HTTP requests to the router (replace <router_ip> with the router's IP address):
      tcpdump -A -s 0 host <router_ip> and tcp port 80
  • Then, filter captured HTTP requests for the ask_to_reboot CGI handler and inspect the "GO" parameter length.
  • Alternatively, use curl or similar tools to send test requests with long "GO" parameters to check if the device responds abnormally or crashes.
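
The capture-and-filter steps above, as an added example (not code from the advisory or from the vendor): a Python scan over captured HTTP text, such as saved tcpdump -A output, that flags requests to the ask_to_reboot handler carrying an over-long "GO" value in the query string or form body. The 64-character threshold, the "/placeholder/" URL path and the sample capture are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

HANDLER = "ask_to_reboot"  # handler name from the advisory; its full URL path is not given
PARAM = "go"               # matched case-insensitively ("Go" and "GO" both appear)
MAX_LEN = 64               # assumed threshold; tune to the values your device normally sends
REQ_LINE = re.compile(r"\b(GET|POST) (\S+) HTTP/1\.[01]")

def go_lengths(encoded):
    """Decoded length of every GO value in a urlencoded string."""
    return [len(v) for k, v in parse_qsl(encoded, keep_blank_values=True)
            if k.lower() == PARAM]

def scan(capture_text):
    """Return (method, path, length) for each over-long GO value sent to the handler."""
    hits = []
    starts = list(REQ_LINE.finditer(capture_text))
    for i, m in enumerate(starts):
        method, url = m.group(1), urlsplit(m.group(2))
        if HANDLER not in url.path:
            continue
        # Text of this request runs until the next request line (or end of capture).
        end = starts[i + 1].start() if i + 1 < len(starts) else len(capture_text)
        parts = re.split(r"\r?\n\r?\n", capture_text[m.end():end], maxsplit=1)
        # A urlencoded body is one line; ignore packet headers tcpdump prints after it.
        body = (parts[1].splitlines() or [""])[0] if len(parts) > 1 else ""
        for n in go_lengths(url.query) + go_lengths(body):
            if n > MAX_LEN:
                hits.append((method, url.path, n))
    return hits

# Constructed sample capture; "/placeholder/" stands in for the real, unstated path.
HDR = " HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"
SAMPLE = (
    "GET /placeholder/ask_to_reboot?GO=home" + HDR
    + "GET /placeholder/ask_to_reboot?GO=" + "A" * 300 + HDR
    + "POST /placeholder/ask_to_reboot" + HDR + "Go=" + "B" * 500 + "\r\n"
    + "GET /placeholder/status?GO=" + "C" * 300 + HDR
)

if __name__ == "__main__":
    for method, path, n in scan(SAMPLE):
        print(f"ALERT {method} {path}: GO length {n} > {MAX_LEN}")
```
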
Mitigation Strategies

Immediate mitigation steps include restricting access to the router's management interface to trusted networks or IP addresses to prevent unauthorized HTTP requests to the vulnerable ask_to_reboot handler.

Additionally, monitor the device for crashes or reboots that may indicate exploitation attempts.

If possible, apply firmware updates or patches provided by Shenzhen Tenda Technology Co., Ltd that address this stack overflow vulnerability.

As a temporary workaround, disable remote management or the vulnerable CGI handler if the router's configuration allows it.
