CVE-2026-36792 - Vulnerability Details

- Stack Overflow Vulnerability in Tenda W3 Router Causing Denial of Service

Description

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formWifiRadioSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Published: 2026-06-09

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A stack overflow occurs in the wl_radio parameter within the formWifiRadioSet function of Shenzhen Tenda Technology's Tenda W3 Wireless Router firmware. This is a stack‑based buffer overflow vulnerability (CWE‑121). By sending a specially crafted HTTP request, an attacker can trigger the overflow and cause the device to crash or cease responding, leading to a denial of service of the router’s network functions.

Affected Systems

Shenzhen Tenda Technology Co., Ltd. Tenda W3 Wireless Router with firmware version 1.0.0.3(2204).

Risk and Exploitability

The vulnerability can be triggered remotely via the router’s web interface over HTTP. The description does not specify whether authentication is required; it is inferred that no authentication may be necessary. Based on the description, it is inferred that there is no proper input validation for the wl_radio field, allowing an attacker to send input of arbitrary length which may result in stack corruption and termination of the networking stack. The CVSS score is 7.5, the EPSS score is less than 1%, and it is not listed in the CISA KEV catalog. The ease of exploitation and the potential for widespread network disruption make the risk significant for networks that expose the router’s management interface to untrusted traffic.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

Vendor Product Confidence Versions

Tenda

W3 Wireless Router

100%

Version	Status	Scheme	Platform
`1.0.0.3`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check Shenzhen Tenda’s official website for firmware updates that address the stack overflow in the formWifiRadioSet function, and apply the update if available.
If no new firmware is released, consider applying a custom patch or re-flashing firmware based on the fix available in the linked GitHub repository, ensuring compatibility and integrity.
Restrict access to the router’s web interface by configuring firewall rules to allow management traffic only from trusted local networks or VPNs, thereby limiting exposure to untrusted HTTP requests.

Generated by OpenCVE AI on June 10, 2026 at 22:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00254.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/xhh0124/SemVulLLM/tree/main/W3/formWifiRadioSet

History

Wed, 10 Jun 2026 23:00:00 +0000

Type	Values Removed	Values Added
Title		Stack Overflow Vulnerability in Tenda W3 Router Causing Denial of Service

Wed, 10 Jun 2026 21:45:00 +0000

Type	Values Removed	Values Added
Title	Stack Overflow in Tenda W3 Router HTTP Parameter Causing Denial of Service
Weaknesses	CWE-119

Wed, 10 Jun 2026 19:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-121
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 10 Jun 2026 11:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tenda Tenda w3 Wireless Router
Vendors & Products		Tenda Tenda w3 Wireless Router

Tue, 09 Jun 2026 22:45:00 +0000

Type	Values Removed	Values Added
Title		Stack Overflow in Tenda W3 Router HTTP Parameter Causing Denial of Service
Weaknesses		CWE-119

Tue, 09 Jun 2026 18:45:00 +0000

Type	Values Removed	Values Added
Description		Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formWifiRadioSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References		https://github.com/xhh0124/SemVulLLM/tree/main/W3/formWifiRadioSet

Subscriptions

Tenda W3 Wireless Router

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-06-09T00:00:00.000Z

Updated: 2026-06-10T18:56:28.813Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36792

Vulnrichment

Updated: 2026-06-10T18:56:14.100Z

NVD

Status : Deferred

Published: 2026-06-09T19:17:44.690

Modified: 2026-06-10T19:16:35.013

Link: CVE-2026-36792

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T22:45:27Z

Weaknesses

CWE-121
Stack-based Buffer Overflow

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object