Description
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the domain parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack overflow occurs in the domain parameter of the fromNetToolGet function in Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router firmware version 1.0.0.5(4180). An attacker can send a specially crafted HTTP request that overflows the buffer, causing the router to crash and become unreachable. The resulting denial of service renders legitimate users unable to access network services.

Affected Systems

The vulnerability affects the Tenda O3 Wireless Router running firmware v1.0.0.5(4180). No other vendors, products, or versions are listed as impacted.

Risk and Exploitability

With a CVSS score of 7.5 the flaw is classified as high severity. The EPSS score of less than 1% indicates a low probability of exploitation at present. The vulnerability is not listed in CISA KEV, so no known exploitation exists. The likely attack vector is remote HTTP traffic to the endpoint that exposes fromNetToolGet, exploiting insufficient input validation on the domain parameter.

Generated by OpenCVE AI on June 11, 2026 at 00:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest router firmware from Tenda that contains a fix for the domain parameter overflow in fromNetToolGet
  • If a firmware update is not yet available, block or rate‑limit HTTP traffic to the fromNetToolGet endpoint to prevent repeated overflow attempts
  • Implement application‑level input validation to ensure the domain parameter does not exceed its expected length before processing

Generated by OpenCVE AI on June 11, 2026 at 00:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 00:30:00 +0000

Type Values Removed Values Added
Title Stack Overflow in fromNetToolGet Causes DoS on Tenda O3 Router

Wed, 10 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Title Stack Overflow in Domain Parameter of fromNetToolGet Leads to DoS on Tenda O3 Router
Weaknesses CWE-120

Wed, 10 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda o3 Wireless Router
Vendors & Products Tenda
Tenda o3 Wireless Router

Tue, 09 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title Stack Overflow in Domain Parameter of fromNetToolGet Leads to DoS on Tenda O3 Router
Weaknesses CWE-120

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the domain parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

Tenda O3 Wireless Router
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-10T19:12:31.662Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36783

cve-icon Vulnrichment

Updated: 2026-06-10T19:11:16.548Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:44.323

Modified: 2026-06-10T20:16:39.320

Link: CVE-2026-36783

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T00:15:27Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow