CVE-2026-36784
Deferred - Pending Action
BaseFortify

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: MITRE

Description
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the ip parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via an HTTP request.
Meta Information
Published: 2026-06-09
Last Modified: 2026-06-09
Generated: 2026-06-10
AI Q&A: 2026-06-09
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
shenzhen_tenda_technology_co_ltd tenda_o3_wireless_router 1.0.0.5
tenda o3 1.0.0.5
CWE ID Description
CWE-UNKNOWN
Executive Summary

CVE-2026-36784 is a stack-based buffer overflow vulnerability found in the Tenda O3 Wireless Router version 1.0.0.5. It occurs in the fromNetToolGet CGI handler when a crafted HTTP request is sent with an excessively long 'ip' parameter.

The vulnerability arises because the 'ip' parameter is retrieved using a function that does not check the length and then copied into a fixed-size buffer using strcpy, which does not perform bounds checking. If the 'ip' parameter is longer than the buffer, it overwrites adjacent memory on the stack.

This memory overwrite can cause the router process to crash or become unstable, leading to a denial of service (DoS) condition.

Impact Analysis

This vulnerability allows an attacker to cause a denial of service (DoS) on a Tenda O3 Wireless Router.

By sending a specially crafted HTTP request with a maliciously long 'ip' parameter, an attacker can crash the router's process or cause device instability, potentially disrupting your network connectivity.

Detection Guidance

This vulnerability can be detected by monitoring for HTTP requests sent to the `fromNetToolGet` endpoint containing an unusually long or malformed `ip` parameter.

A practical detection method is to capture and analyze HTTP traffic targeting the Tenda O3 router, specifically looking for requests to the `fromNetToolGet` CGI handler with an `ip` parameter that exceeds normal length.

For example, command-line tools such as curl or wget can simulate such a request, and packet capture tools can detect it:

  • curl -v 'http://<router-ip>/fromNetToolGet?ip=<very_long_string>'
  • tcpdump or Wireshark filters that capture HTTP requests to the `/fromNetToolGet` endpoint, so that the length of the `ip` parameter can be inspected.
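
One way to implement the check described above, as an added example that is not BaseFortify's or the vendor's code: it flags requests to `fromNetToolGet` whose decoded `ip` value is over-long or is not an address or hostname. The 253-character limit, the form-body handling and the sample requests are assumptions made for the illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "fromNetToolGet"  # handler name taken from the advisory
MAX_LEN = 253                # assumption: longest valid DNS name; tune per site
HOSTNAME_RE = re.compile(r"^([A-Za-z0-9-]{1,63}\.)*[A-Za-z0-9-]{1,63}$")


def is_plausible_target(value):
    """True for an IPv4/IPv6 literal or a syntactically valid hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return bool(HOSTNAME_RE.match(value))


def inspect_request(request_line, body=""):
    """Return findings for one HTTP request line plus optional form body."""
    parts = request_line.split()
    if len(parts) < 2:
        return []
    url = urlsplit(parts[1])
    if ENDPOINT not in url.path:
        return []
    # parse_qs percent-decodes, so the length check applies to the decoded
    # value rather than to the encoded bytes seen on the wire.
    values = parse_qs(url.query, keep_blank_values=True).get("ip", [])
    values += parse_qs(body, keep_blank_values=True).get("ip", [])
    findings = []
    for value in values:
        if len(value) > MAX_LEN:
            findings.append(f"ip length {len(value)} exceeds {MAX_LEN}")
        elif not is_plausible_target(value):
            findings.append("ip is not an IP address or hostname")
    return findings


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("GET /fromNetToolGet?ip=192.168.0.1 HTTP/1.1", ""),
    ("GET /fromNetToolGet?ip=" + "A" * 600 + " HTTP/1.1", ""),
    ("POST /fromNetToolGet HTTP/1.1", "ip=" + "%41" * 300),
    ("GET /fromNetToolGet?ip=not%20an%20address HTTP/1.1", ""),
    ("GET /index.html?ip=" + "A" * 600 + " HTTP/1.1", ""),
]

if __name__ == "__main__":
    for line, body in SAMPLES:
        print(line[:60], "->", inspect_request(line, body) or "ok")
```

The same function can be fed request lines extracted from a packet capture or a reverse-proxy access log placed in front of the management interface.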

Mitigation Strategies

Immediate mitigation steps include not sending, and not allowing through, HTTP requests that carry an excessively long `ip` parameter to the `fromNetToolGet` endpoint on the affected Tenda O3 router version v1.0.0.5.

If possible, restrict access to the router's management interface to trusted networks or IP addresses to reduce exposure.

Monitor the router for crashes or instability that may indicate exploitation attempts.

Contact the vendor for firmware updates or patches that address this stack overflow vulnerability.

Compliance Impact

The provided information does not specify any direct impact of the vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
