CVE-2026-36783
Deferred Deferred - Pending Action
BaseFortify

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: MITRE

Description
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the domain parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-10
AI Q&A
2026-06-09
EPSS Evaluated
N/A
NVD
CVE-2026-36783
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
shenzhen_tenda_technology_co_ltd tenda_o3_wireless_router 1.0.0.5
tenda o3 to 1.0.0.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability CVE-2026-36783 affects the Tenda O3 Wireless Router, specifically in the fromNetToolGet CGI handler. It is a stack-based buffer overflow caused by improper handling of the domain parameter in the fromNetToolGet function. An attacker can send a specially crafted HTTP request with malicious parameters to this endpoint, which can trigger execution of arbitrary system commands such as traceroute or telnetd. This can lead to denial of service or potentially arbitrary code execution on the device.

Impact Analysis

This vulnerability can impact you by allowing attackers to cause a denial of service (DoS) on your Tenda O3 Wireless Router, making the device unstable or unusable. Additionally, because the vulnerability allows for arbitrary code execution via crafted HTTP requests, attackers could potentially take control of the device, execute unauthorized commands, or disrupt network operations.

Detection Guidance

This vulnerability can be detected by monitoring HTTP requests sent to the fromNetToolGet CGI handler on the Tenda O3 Wireless Router. Specifically, look for crafted HTTP requests that include the domain parameter with suspicious values such as command injections (e.g., domain= telnetd -l /bin/sh -p 7890) and the hop parameter set to 1.

A practical detection method is to capture and analyze network traffic for HTTP requests targeting the fromNetToolGet endpoint with unusual or command-like parameters.

  • Use a network packet capture tool like tcpdump or Wireshark to filter HTTP requests to the vulnerable router IP and check for suspicious domain parameter values.
  • Example tcpdump command to capture HTTP requests to the router (replace <router_ip> with the actual IP):
  • tcpdump -A -s 0 host <router_ip> and tcp port 80 | grep 'fromNetToolGet'
  • Inspect captured requests for domain parameters containing shell commands or unusual strings.
Mitigation Strategies

Immediate mitigation steps include restricting access to the fromNetToolGet CGI handler to trusted users only, such as by implementing network access controls or firewall rules that block unauthorized HTTP requests to the router.

Additionally, monitor and filter incoming HTTP requests to detect and block those containing suspicious parameters targeting the domain parameter.

If possible, update the router firmware to a version that patches this vulnerability once it becomes available from the vendor.

As a temporary workaround, disable or restrict the fromNetToolGet CGI handler if the router configuration allows it.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36783. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart