Description
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain multiple stack overflows in the fromVirtualSer function via the puVar2, puVar1, __s2, __s1_00, and puVar3 parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability arises from multiple stack overflows in the fromVirtualSer function of Tenda O3 routers, triggered by carefully crafted HTTP requests that manipulate the parameters puVar2, puVar1, __s2, __s1_00, and puVar3. The overflow conditions can corrupt the stack and cause the router to crash or become unresponsive, effectively denying access to the network device and the services it provides. As the impact is limited to availability, confidentiality and integrity are not directly compromised.

Affected Systems

Shenzhen Tenda Technology Co., Ltd. Tenda O3 Wireless Router, firmware version 1.0.0.5 (build 4180). No other vendors or product versions are currently documented as affected.

Risk and Exploitability

The CVSS score is not available in the supplied data, and there is no EPSS score reported; the vulnerability is not listed in CISA KEV. Based on the description, the attack vector is inferred to be remote network where an attacker sends a crafted HTTP request to the router’s management interface. Because the payload must reach the device over the local network or the internet, the likelihood of exploitation depends on the router’s exposure. While exact severity cannot be quantified without CVSS, the denial of service could disrupt network operations for any user relying on the router.

Generated by OpenCVE AI on June 9, 2026 at 22:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest firmware from the official Tenda website that addresses the stack overflow issue.
  • If an updated firmware is not available, block or restrict HTTP access to the router’s management interface from untrusted networks.
  • Place the router behind a firewall or VPN and limit management access to trusted internal networks.
  • Monitor router logs for abnormal HTTP requests and reboot if instability occurs.

Generated by OpenCVE AI on June 9, 2026 at 22:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title Stack Overflows in Tenda O3 Router fromVirtualSer Leading to Denial of Service
Weaknesses CWE-122

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain multiple stack overflows in the fromVirtualSer function via the puVar2, puVar1, __s2, __s1_00, and puVar3 parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-09T18:12:38.151Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36779

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:44.213

Modified: 2026-06-09T19:35:05.693

Link: CVE-2026-36779

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T22:30:14Z

Weaknesses