Description
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the username parameter of the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack overflow exists in the username parameter of the R7WebsSecurityHandler function in the firmware of Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router. By supplying a specially crafted HTTP request with an oversized or malformed username field, an attacker can trigger a buffer overflow that causes the device to crash and become unavailable. This flaw is a classic buffer overflow weakness, which compromises device stability but does not provide direct code execution capability.

Affected Systems

The vulnerability affects the Tenda O3 Wireless Router running firmware version 1.0.0.5(4180). No other vendor or product versions are known to be impacted at this time.

Risk and Exploitability

The vulnerability can be exploited remotely over the Internet by sending a malicious HTTP request to the R7WebsSecurityHandler endpoint. Because the flaw causes a crash, it represents a high denial‑of‑Service risk to the network served by the router. The EPSS score is less than 1%, indicating a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The CVSS score of 4.9 indicates moderate severity, reflecting the impact on availability rather than confidentiality or integrity.

Generated by OpenCVE AI on June 10, 2026 at 20:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Tenda support site or contact vendor support to determine if a firmware update that fixes the R7WebsSecurityHandler stack overflow is available and apply it as soon as possible
  • Configure upstream firewall or IDS/IPS rules to detect and block malicious HTTP requests that target the R7WebsSecurityHandler endpoint, especially those with unusually large or malformed username fields
  • If no firmware update is available, restrict access to the router’s configuration interface to trusted IP addresses, or isolate the device on a separate management VLAN and apply IP‑based filtering to reduce exposure

Generated by OpenCVE AI on June 10, 2026 at 20:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Title Stack Overflow in Username Parameter Causes DoS on Tenda O3 Wireless Router

Wed, 10 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda o3 Wireless Router
Vendors & Products Tenda
Tenda o3 Wireless Router

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the username parameter of the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

Tenda O3 Wireless Router
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-10T17:39:21.860Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36778

cve-icon Vulnrichment

Updated: 2026-06-10T17:39:17.475Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:44.090

Modified: 2026-06-10T18:16:44.987

Link: CVE-2026-36778

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T20:15:24Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow