CVE-2026-36793
Deferred - Pending Action

Stack Overflow in Tenda W3 Wireless Router

Vulnerability report for CVE-2026-36793, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-09

Last updated on: 2026-06-10

Assigner: MITRE

Description

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the formwrlSSIDset function via the mit_ssid and mis_ssid_index parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Meta Information

Published: 2026-06-09
Last Modified: 2026-06-10
Generated: 2026-06-30
AI Q&A: 2026-06-09
EPSS Evaluated: 2026-06-28

Affected Vendors & Products

Showing 2 associated CPEs

Vendor | Product | Version / Range
tenda  | w3      | 1.0.0.3
tenda  | w3      | to 1.0.0.3 (inc)

Exploitability

CWE ID  | Description
CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Executive Summary

CVE-2026-36793 is a stack-based buffer overflow vulnerability found in the Tenda W3 Wireless Router firmware version V1.0.0.3(2204).

The vulnerability exists in the formwrlSSIDset function, specifically in the CGI handler FUN_00442b44, which processes HTTP requests.

An attacker can exploit this by sending a crafted HTTP request containing overly long mit_ssid and mis_ssid_index parameters. The handler formats these inputs with sprintf, which does not check their length, so the formatted output overflows a stack buffer.

This overflow can crash the httpd process or cause the device to reboot, leading to a Denial of Service (DoS).

Impact Analysis

Exploitation of this vulnerability causes a Denial of Service (DoS) on the affected Tenda W3 Wireless Router.

An attacker exploiting this flaw can crash the router's HTTP service or cause the device to reboot unexpectedly.

This disruption can lead to loss of network connectivity and availability, affecting any services or users relying on the router.

Detection Guidance

Exploitation attempts can be detected by monitoring HTTP requests sent to the Tenda W3 Wireless Router, specifically those that target the formwrlSSIDset CGI handler.

Detection involves identifying crafted HTTP requests that include overly long mit_ssid and mis_ssid_index parameters, which exploit the stack-based buffer overflow.

  • Use network traffic analysis tools (e.g., Wireshark or tcpdump) to capture HTTP requests to the router and filter for requests containing the formwrlSSIDset endpoint.
  • Example tcpdump command to capture relevant HTTP requests:
      tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'formwrlSSIDset'
  • Inspect captured HTTP requests for unusually long mit_ssid or mis_ssid_index parameter values that could indicate an exploit attempt.
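
The inspection step above can be automated. The following is an added example, not part of the original report or any vendor tooling: it checks raw HTTP requests addressed to formwrlSSIDset and flags oversized mit_ssid or mis_ssid_index values. The length limits are assumptions (802.11 caps an SSID at 32 bytes; an index should be a few digits), and the sample requests, including the /PLACEHOLDER/ path, are constructed.

```python
from urllib.parse import urlsplit, parse_qs

HANDLER = "formwrlSSIDset"  # handler name taken from the advisory
# Assumed thresholds (not from the advisory): 802.11 limits an SSID to
# 32 bytes; an index parameter is expected to be a few digits.
LIMITS = {"mit_ssid": 32, "mis_ssid_index": 4}


def inspect_request(raw: bytes) -> list[str]:
    """Return findings for one raw HTTP request; an empty list means clean."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) < 2 or HANDLER not in parts[1]:
        return []  # not addressed to the vulnerable handler
    # Parameters may arrive in the query string or a urlencoded body.
    # latin-1 maps one byte to one character, so len() counts bytes
    # after percent-decoding.
    opts = {"keep_blank_values": True, "encoding": "latin-1"}
    params = parse_qs(urlsplit(parts[1]).query, **opts)
    for key, values in parse_qs(body.decode("latin-1"), **opts).items():
        params.setdefault(key, []).extend(values)
    findings = []
    for name, limit in LIMITS.items():
        for value in params.get(name, []):
            if len(value) > limit:
                findings.append(f"{name}: {len(value)} bytes exceeds {limit}")
    return findings


# Constructed sample requests; the path prefix is a placeholder.
HDR = (b"Host: 192.0.2.1\r\n"
       b"Content-Type: application/x-www-form-urlencoded\r\n\r\n")
BENIGN = (b"POST /PLACEHOLDER/formwrlSSIDset HTTP/1.1\r\n" + HDR
          + b"mit_ssid=HomeNet&mis_ssid_index=1")
OVERSIZED = (b"POST /PLACEHOLDER/formwrlSSIDset HTTP/1.1\r\n" + HDR
             + b"mit_ssid=" + b"A" * 300 + b"&mis_ssid_index=" + b"9" * 64)
ENCODED_QUERY = (b"GET /PLACEHOLDER/formwrlSSIDset?mit_ssid=" + b"%41" * 40
                 + b" HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n")
OTHER_PATH = (b"GET /index.html?mit_ssid=" + b"A" * 300
              + b" HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n")

if __name__ == "__main__":
    for name in ("BENIGN", "OVERSIZED", "ENCODED_QUERY", "OTHER_PATH"):
        print(name, inspect_request(globals()[name]) or "clean")
```
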

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable formwrlSSIDset CGI handler to trusted users only.

Limit or block external HTTP access to the router's management interface to prevent attackers from sending crafted requests.

Monitor the router for crashes or unexpected reboots, which may indicate exploitation attempts.

Apply any available firmware updates or patches from Shenzhen Tenda Technology Co., Ltd that address this vulnerability once released.
