Description
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the domain parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack overflow exists in the domain parameter of the fromNetToolGet function of the Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router firmware version 1.0.0.5(4180). An attacker can send a specially crafted HTTP request that overflows the buffer, causing the router to crash and become unreachable. The vulnerability results in a denial of service for legitimate users by rendering the router inoperable.

Affected Systems

The affected product is the Tenda O3 Wireless Router running firmware v1.0.0.5(4180). No other vendors or products are listed. Users of this specific router model are at risk.

Risk and Exploitability

No CVSS score is provided, and the EPSS score is not available, so the quantitative risk is unknown. The vulnerability is not listed in CISA KEV, indicating no known widespread exploitation. The likely attack vector is remote via HTTP, leveraging the limited input validation in the domain parameter of fromNetToolGet. If an attacker can reach the router over the network, they can cause a DoS by triggering the overflow.

Generated by OpenCVE AI on June 9, 2026 at 22:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest router firmware from Tenda that addresses the domain parameter overflow in fromNetToolGet
  • If no update is available, block or rate‑limit HTTPS/HTTP traffic to the endpoint that exposes fromNetToolGet to prevent repeated overflow attempts
  • Consider implementing application‑level input validation to ensure the domain parameter does not exceed its expected length before processing

Generated by OpenCVE AI on June 9, 2026 at 22:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title Stack Overflow in Domain Parameter of fromNetToolGet Leads to DoS on Tenda O3 Router
Weaknesses CWE-120

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the domain parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-09T18:12:33.575Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36783

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:44.323

Modified: 2026-06-09T19:35:05.693

Link: CVE-2026-36783

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T22:30:14Z

Weaknesses