CVE-2026-36793 - Vulnerability Details

- Stack Overflow in Tenda W3 Router SSID Setter Causing DoS

Description

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the formwrlSSIDset function via the mit_ssid and mis_ssid_index parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Published: 2026-06-09

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A stack-based buffer overflow exists in the formwrlSSIDset function of the Tenda W3 Wireless Router firmware v1.0.0.3(2204). The vulnerability is triggered by crafted values supplied through the mit_ssid and mis_ssid_index HTTP parameters, which overrun the stack, corrupt memory, and cause the router to crash. The immediate consequence is a denial of service that prevents legitimate users from accessing network resources, with no evidence of code execution or data disclosure.

Affected Systems

Shenzhen Tenda Technology Co., Ltd. Tenda W3 Wireless Router running firmware version 1.0.0.3(2204). No other affected versions are listed in the disclosure.

Risk and Exploitability

The CVSS score is 7.5, reflecting a high impact severity. The EPSS score is less than 1 %, indicating a low probability of exploitation in the current environment. The vulnerability is not listed in the CISA KEV catalog. It is inferred that the attack vector is a remote HTTP request to the router's administration interface, either from the Internet or from a compromised local network. Because the flaw leads solely to a service interruption, the impact is significant for availability but does not compromise confidentiality or integrity.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

Vendor Product Confidence Versions

Tenda

W3 Wireless Router

100%

Version	Status	Scheme	Platform
`1.0.0.3(2204)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check Shenzhen Tenda’s website for any firmware update or security advisory and apply updates if available
Restrict HTTP access to the router’s administration interface, limiting it to trusted IP addresses or securing it through a VPN or firewall rule
Monitor device logs for repeated malformed SSID requests and block offending IPs or employ intrusion detection to detect suspicious activity

Generated by OpenCVE AI on June 10, 2026 at 23:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00254.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/xhh0124/SemVulLLM/tree/main/W3/FUN_00442b44

History

Wed, 10 Jun 2026 23:30:00 +0000

Type	Values Removed	Values Added
Title		Stack Overflow in Tenda W3 Router SSID Setter Causing DoS

Wed, 10 Jun 2026 21:00:00 +0000

Type	Values Removed	Values Added
Title	Stack-Based Buffer Overflow in Tenda W3 Wireless Router SSID Configuration Leads to Denial of Service
Weaknesses	CWE-120

Wed, 10 Jun 2026 18:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-121
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 10 Jun 2026 11:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tenda Tenda w3 Wireless Router
Vendors & Products		Tenda Tenda w3 Wireless Router

Tue, 09 Jun 2026 22:15:00 +0000

Type	Values Removed	Values Added
Title		Stack-Based Buffer Overflow in Tenda W3 Wireless Router SSID Configuration Leads to Denial of Service
Weaknesses		CWE-120

Tue, 09 Jun 2026 18:45:00 +0000

Type	Values Removed	Values Added
Description		Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the formwrlSSIDset function via the mit_ssid and mis_ssid_index parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References		https://github.com/xhh0124/SemVulLLM/tree/main/W3/FUN_00442b44

Subscriptions

Tenda W3 Wireless Router

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-06-09T00:00:00.000Z

Updated: 2026-06-10T17:50:44.907Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36793

Vulnrichment

Updated: 2026-06-10T17:49:37.137Z

NVD

Status : Deferred

Published: 2026-06-09T19:17:44.803

Modified: 2026-06-10T18:16:45.450

Link: CVE-2026-36793

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T23:15:28Z

Weaknesses

CWE-121
Stack-based Buffer Overflow

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object