CVE-2026-36784 - Vulnerability Details

- Stack Overflow in Tenda O3 Router's fromNetToolGet Function Causes DoS

Description

Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the ip parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a HTTP request.

Published: 2026-06-09

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A stack overflow was identified in the ip parameter of the fromNetToolGet function in the Tenda O3 Wireless Router firmware v1.0.0.5(4180). The flaw can be triggered by a crafted HTTP request, causing the router to crash and rendering the device unavailable. The weakness is a stack‑based buffer overflow (CWE-121). The impact is a loss of network connectivity for all users relying on the router, compromising availability but not confidentiality or integrity.

Affected Systems

The vulnerability affects the Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router running firmware version v1.0.0.5(4180). No other vendors or product versions are listed.

Risk and Exploitability

Attackers can remotely exploit the flaw by sending a malformed ip parameter to the router’s HTTP endpoint. The resulting stack overflow leads to a denial of service, which is considered a high severity issue. The CVSS score is 7.5 and the EPSS score is < 1%, indicating a very low but nonzero exploitation probability. The vulnerability is not listed in the CISA KEV catalog, suggesting no publicly documented exploits yet. Based on the description, it is inferred that remote exploitation is feasible if the router is exposed to untrusted networks, and the attack vector is likely via the HTTP interface as the crafted request targets that endpoint.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

Vendor Product Confidence Versions

Tenda

O3 Wireless Router

100%

Version	Status	Scheme	Platform
`1.0.0.5`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the router firmware to the latest release that addresses the stack overflow flaw
Restrict external access to the router’s administrative interface or block traffic to the fromNetToolGet endpoint at the network perimeter
Monitor router logs for repeated attempts to access the vulnerable function and investigate any abnormal activity

Generated by OpenCVE AI on June 11, 2026 at 01:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00329.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/xhh0124/SemVulLLM/tree/main/O3/fromNetToolGet_ip

History

Thu, 11 Jun 2026 02:15:00 +0000

Type	Values Removed	Values Added
Title		Stack Overflow in Tenda O3 Router's fromNetToolGet Function Causes DoS

Thu, 11 Jun 2026 00:00:00 +0000

Type	Values Removed	Values Added
Title	Stack Overflow in Tenda O3 Router fromNetToolGet Leading to Denial of Service
Weaknesses	CWE-119

Wed, 10 Jun 2026 19:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-121
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 10 Jun 2026 11:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tenda Tenda o3 Wireless Router
Vendors & Products		Tenda Tenda o3 Wireless Router

Tue, 09 Jun 2026 22:45:00 +0000

Type	Values Removed	Values Added
Title		Stack Overflow in Tenda O3 Router fromNetToolGet Leading to Denial of Service
Weaknesses		CWE-119

Tue, 09 Jun 2026 18:45:00 +0000

Type	Values Removed	Values Added
Description		Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the ip parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a HTTP request.
References		https://github.com/xhh0124/SemVulLLM/tree/main/O3/fromNetToolGet_ip

Subscriptions

Tenda O3 Wireless Router

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-06-09T00:00:00.000Z

Updated: 2026-06-10T18:58:14.858Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36784

Vulnrichment

Updated: 2026-06-10T18:58:04.857Z

NVD

Status : Deferred

Published: 2026-06-09T19:17:44.440

Modified: 2026-06-10T19:16:34.850

Link: CVE-2026-36784

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-11T02:00:16Z

Weaknesses

CWE-121
Stack-based Buffer Overflow

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object