Description
A flaw has been found in Tenda i3 1.0.0.6(2204). This impacts the function formSetCfm of the file /goform/setcfm. This manipulation of the argument funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Published: 2026-03-09
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A stack-based buffer overflow exists in the formSetCfm endpoint of Tenda i3 firmware 1.0.0.6(2204). By supplying a crafted funcpara1 argument to the /goform/setcfm route, a remote attacker can overflow the stack and gain arbitrary code execution on the device, impacting confidentiality, integrity, and availability. The flaw is rated 8.7 under CVSS 4.0.

Affected Systems

The vulnerable system is the Tenda i3 router running firmware version 1.0.0.6(2204). All units shipping with this firmware are affected; no other firmware versions are listed as impacted.

Risk and Exploitability

The EPSS score is below 1% and the vulnerability is not listed in CISA’s KEV catalog, yet an exploit has been published and remote exploitation is possible. Attackers can trigger the overflow by sending a crafted HTTP request to /goform/setcfm over the network; the CVSS vectors record the attack vector as network (AV:N) with low privileges required (PR:L). Despite the low exploitation probability, the high impact score makes the risk significant.

Generated by OpenCVE AI on April 16, 2026 at 10:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router firmware to a version that patches the formSetCfm stack-based overflow once Tenda releases one.
  • If a firmware update is not yet available, restrict external access to the device by placing it behind a firewall or network segmentation and disabling remote web management.
  • Monitor device logs and network traffic for abnormal requests to /goform/setcfm and block known malicious payloads using intrusion detection or packet filtering.


Advisories

No advisories yet.

History

Tue, 10 Mar 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Mon, 09 Mar 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Tenda |
| | | Tenda i3 |
| | | Tenda i3 Firmware |
| CPEs | | cpe:2.3:h:tenda:i3:-:*:*:*:*:*:*:* |
| | | cpe:2.3:o:tenda:i3_firmware:1.0.0.6\(2204\):*:*:*:*:*:*:* |
| Vendors & Products | | Tenda |
| | | Tenda i3 |
| | | Tenda i3 Firmware |

Mon, 09 Mar 2026 04:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A flaw has been found in Tenda i3 1.0.0.6(2204). This impacts the function formSetCfm of the file /goform/setcfm. This manipulation of the argument funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. |
| Title | | Tenda i3 setcfm formSetCfm stack-based overflow |
| Weaknesses | | CWE-119 |
| | | CWE-121 |
| References | | |
| Metrics | | cvssV2_0 {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'} |
| | | cvssV3_0 {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'} |
| | | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'} |
| | | cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-10T16:09:27.674Z

Reserved: 2026-03-08T12:34:17.787Z

Link: CVE-2026-3799

Vulnrichment

Updated: 2026-03-10T16:09:22.337Z

NVD

Status: Analyzed

Published: 2026-03-09T04:16:04.720

Modified: 2026-03-09T16:14:24.893

Link: CVE-2026-3799

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T10:30:16Z
