CVE-2026-36779 - Vulnerability Details

- Tenda O3 Router Stack Overflow Enables Remote Denial of Service

Description

Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain multiple stack overflows in the fromVirtualSer function via the puVar2, puVar1, __s2, __s1_00, and puVar3 parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Published: 2026-06-09

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is caused by multiple stack overflows within the fromVirtualSer function of the Tenda O3 Wireless Router. Attackers can trigger these overflows by sending specially crafted HTTP requests that manipulate the puVar2, puVar1, __s2, __s1_00, and puVar3 parameters. When the overflow occurs, it corrupts the router’s stack, causing the device to crash or become unresponsive. The impact is limited to availability; there is no direct compromise of confidentiality or integrity.

Affected Systems

Shenzhen Tenda Technology Co., Ltd. Tenda O3 Wireless Router, firmware version 1.0.0.5 (build 4180). No other vendors or product revisions are currently identified as affected.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity level, while the EPSS score of less than 1% suggests a low probability that the vulnerability is actively exploited at present. The router must be reachable over the local network or the internet for an attacker to send the malicious HTTP request, so the likelihood of exploitation depends on the router’s exposure. The router’s availability can be disrupted, potentially affecting all users reliant on the device, yet the vulnerability is not listed in the CISA KEV catalog.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

Vendor Product Confidence Versions

Tenda

O3 Wireless Router

100%

Version	Status	Scheme	Platform
`v1.0.0.5(4180)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the official firmware update from the Tenda website that addresses the stack overflow and implements stack protection mechanisms against CWE‑121 related failures.
If an update is unavailable, restrict or block HTTP access to the router’s management interface from untrusted or external networks, ensuring the vulnerable service is unreachable.
Enable or configure any available stack protection features on the router, such as stack canaries or guard pages, to mitigate buffer overflows (CWE‑121), or consider replacing the device with a model that incorporates these protections.

Generated by OpenCVE AI on June 10, 2026 at 23:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00397.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/xhh0124/SemVulLLM/tree/main/O3/fromVirtualSer

History

Wed, 10 Jun 2026 23:30:00 +0000

Type	Values Removed	Values Added
Title		Tenda O3 Router Stack Overflow Enables Remote Denial of Service

Wed, 10 Jun 2026 21:15:00 +0000

Type	Values Removed	Values Added
Title	Stack Overflows in Tenda O3 Router fromVirtualSer Leading to Denial of Service
Weaknesses	CWE-122

Wed, 10 Jun 2026 19:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-121
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 10 Jun 2026 11:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tenda Tenda o3 Wireless Router
Vendors & Products		Tenda Tenda o3 Wireless Router

Tue, 09 Jun 2026 22:45:00 +0000

Type	Values Removed	Values Added
Title		Stack Overflows in Tenda O3 Router fromVirtualSer Leading to Denial of Service
Weaknesses		CWE-122

Tue, 09 Jun 2026 18:45:00 +0000

Type	Values Removed	Values Added
Description		Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain multiple stack overflows in the fromVirtualSer function via the puVar2, puVar1, __s2, __s1_00, and puVar3 parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References		https://github.com/xhh0124/SemVulLLM/tree/main/O3/fromVirtualSer

Subscriptions

Tenda O3 Wireless Router

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-06-09T00:00:00.000Z

Updated: 2026-06-10T18:41:20.513Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36779

Vulnrichment

Updated: 2026-06-10T18:39:54.649Z

NVD

Status : Deferred

Published: 2026-06-09T19:17:44.213

Modified: 2026-06-10T19:16:34.683

Link: CVE-2026-36779

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T23:15:28Z

Weaknesses

CWE-121
Stack-based Buffer Overflow

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object