CVE-2026-36777
Deferred - Pending Action

Stack Overflow in Tenda W3 Wireless Router

Publication date: 2026-06-09

Last updated on: 2026-06-10

Assigner: MITRE

Description

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the param_1 parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Meta Information

Published: 2026-06-09
Last Modified: 2026-06-10
Generated: 2026-06-30
AI Q&A: 2026-06-10
EPSS Evaluated: 2026-06-28

Affected Vendors & Products

Showing 2 associated CPEs
Vendor | Product | Version / Range
shenzhen_tenda_technology_co_ltd | tenda_w3_wireless_router | 1.0.0.3
tenda | w3 | to 1.0.0.3 (inc)

Exploitability

CWE ID | Description
CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-36777 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-36777 is a stack-based buffer overflow vulnerability found in the Tenda W3 Wireless Router firmware version 1.0.0.3(2204). It occurs in the formSetCfm function, specifically when handling user-supplied parameters without proper length validation. An attacker can send a specially crafted HTTP request to the formSetCfm endpoint with an overly long parameter, causing the router to overflow its buffer. This can lead to a denial of service or potentially allow arbitrary code execution.

Impact Analysis

This vulnerability can impact you by allowing an attacker to cause a denial of service (DoS) on your Tenda W3 Wireless Router, making the device unavailable or unresponsive. Additionally, because the buffer overflow may allow arbitrary code execution, an attacker might gain control over the router, potentially compromising your network security.

Detection Guidance

This vulnerability can be detected by monitoring for HTTP requests sent to the formSetCfm CGI endpoint of the Tenda W3 Wireless Router firmware version 1.0.0.3(2204). Specifically, detection involves identifying unusually long or crafted funcpara1 parameters in requests where funcname equals save_list_data.

A practical approach is to capture network traffic and filter HTTP requests targeting the formSetCfm endpoint, then inspect the length and content of the funcpara1 parameter.

Example commands to detect such attempts might include:

  • Using tcpdump to capture HTTP traffic to the router's IP on port 80: tcpdump -A -s 0 'host <router_ip> and tcp port 80'
  • Using grep or similar tools on captured traffic to find requests containing 'formSetCfm' and 'funcname=save_list_data'.
  • Using a web proxy or intrusion detection system (IDS) with custom rules to alert on HTTP requests with overly long funcpara1 parameters to formSetCfm.
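
The inspection step described above, as an added example (not code from the vendor or the advisory): it parses captured raw HTTP requests and flags those to formSetCfm with funcname=save_list_data and an over-long funcpara1. The length limit, the sample requests and the /PLACEHOLDER/ path prefix are assumptions; the page gives neither the buffer size nor the endpoint's full URL.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the page gives no buffer size, so this limit is a tunable
# placeholder for "unusually long", not a value taken from the firmware.
MAX_FUNCPARA1_LEN = 64


def parse_request(raw: bytes):
    """Split one raw HTTP/1.x request into (method, path, params)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return None  # not a well-formed request line
    method, target, _version = parts
    url = urlsplit(target)
    # parse_qs percent-decodes, so lengths are measured on decoded values.
    params = parse_qs(url.query, keep_blank_values=True)
    headers = dict(
        (k.strip().lower(), v.strip())
        for k, _, v in (line.partition(":") for line in lines[1:])
    )
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        form = parse_qs(body.decode("latin-1"), keep_blank_values=True)
        for key, values in form.items():
            params.setdefault(key, []).extend(values)
    return method, url.path, params


def check_request(raw: bytes, limit: int = MAX_FUNCPARA1_LEN):
    """Return an alert string for a suspicious formSetCfm request, else None."""
    parsed = parse_request(raw)
    if parsed is None:
        return None
    method, path, params = parsed
    if "formSetCfm" not in path or "save_list_data" not in params.get("funcname", []):
        return None
    longest = max((len(v) for v in params.get("funcpara1", [])), default=0)
    if longest > limit:
        return f"{method} {path}: funcpara1 is {longest} characters (limit {limit})"
    return None


# Constructed sample requests; the path prefix is a placeholder.
BENIGN = b"GET /PLACEHOLDER/formSetCfm?funcname=save_list_data&funcpara1=list1 HTTP/1.1\r\nHost: router\r\n\r\n"
OVERLONG = (b"POST /PLACEHOLDER/formSetCfm HTTP/1.1\r\nHost: router\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
            b"funcname=save_list_data&funcpara1=" + b"A" * 300)
```

Baseline the limit against legitimate management traffic for the device before alerting on it, since the checker covers both query-string and form-body parameters.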

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable formSetCfm endpoint on the Tenda W3 Wireless Router to trusted users only, such as by implementing firewall rules or network segmentation.

Additionally, monitoring and blocking suspicious HTTP requests with unusually long funcpara1 parameters targeting the formSetCfm endpoint can help prevent exploitation.

If possible, update the router firmware to a version that patches this stack overflow vulnerability once it becomes available from the vendor.
