CVE-2026-3802 - Vulnerability Details

- Tenda i3 exeCommand formexeCommand stack-based overflow

Description

A vulnerability was determined in Tenda i3 1.0.0.6(2204). Affected by this issue is the function formexeCommand of the file /goform/exeCommand. Executing a manipulation of the argument cmdinput can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

Published: 2026-03-09

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability arises from an uncontrolled write to a stack buffer in the formexeCommand function of the Tenda i3 firmware. A malicious attacker can supply an oversized cmdinput value that corrupts the return pointer, enabling arbitrary code execution. The exploitation is a classic stack-based buffer overflow whose primary effect is the ability to execute arbitrary instructions on the device, thereby compromising confidentiality, integrity, and availability of the device and potentially the network it supports.

Affected Systems

The affected product is the Tenda i3 router running firmware version 1.0.0.6(2204). The flaw resides in the network access endpoint /goform/exeCommand, which is exposed to remote users. No other products or firmware versions were identified as vulnerable in the available data.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity attack. The EPSS of <1% suggests that automated exploitation may be rare, but the public disclosure and remote execution capability raise the risk of targeted attacks. The vulnerability is not listed in the CISA KEV catalog, yet any remote access to the /goform/exeCommand endpoint could potentially be leveraged to hijack the device. The attack vector is remote, as the description states that execution may be performed from outside the local network, implying that no local user privileges are required.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Tenda

affected

Version	Status	Constraints
`1.0.0.6(2204)`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:tenda:i3_firmware:1.0.0.6\(2204\):*:*:*:*:*:*:*

cpe:2.3:h:tenda:i3:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Tenda

100%

Version	Status	Scheme	Platform
`1.0.0.6(2204)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to the latest firmware release that contains a patch for the formexeCommand buffer overflow
If a firmware update is not immediately available, block or remove remote access to the /goform/exeCommand endpoint to prevent exploitation
Configure network perimeter firewalls to allow only trusted sources to access the router management interface and monitor for anomalous cmdinput traffic

Generated by OpenCVE AI on April 16, 2026 at 10:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00092.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-i3-formexeCommand-cmdinput-buffer-overflow
https://vuldb.com/?ctiid.349769
https://vuldb.com/?id.349769
https://vuldb.com/?submit.768983
https://www.tenda.com.cn/

History

Tue, 10 Mar 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 09 Mar 2026 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tenda Tenda i3 Tenda i3 Firmware
CPEs		cpe:2.3:h:tenda:i3:-:::::::* cpe:2.3:o:tenda:i3_firmware:1.0.0.6\(2204\):::::::*
Vendors & Products		Tenda Tenda i3 Tenda i3 Firmware

Mon, 09 Mar 2026 05:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was determined in Tenda i3 1.0.0.6(2204). Affected by this issue is the function formexeCommand of the file /goform/exeCommand. Executing a manipulation of the argument cmdinput can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Title		Tenda i3 exeCommand formexeCommand stack-based overflow
Weaknesses		CWE-119 CWE-121
References		https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-i3-formexeCommand-cmdinput-buffer-overflow https://vuldb.com/?ctiid.349769 https://vuldb.com/?id.349769 https://vuldb.com/?submit.768983 https://www.tenda.com.cn/
Metrics		cvssV2_0 `{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Tenda I3 I3 Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-09T04:32:09.989Z

Updated: 2026-03-10T15:50:45.837Z

Reserved: 2026-03-08T12:39:31.711Z

Link: CVE-2026-3802

Vulnrichment

Updated: 2026-03-10T15:50:41.301Z

NVD

Status : Analyzed

Published: 2026-03-09T05:15:48.403

Modified: 2026-03-09T15:09:44.737

Link: CVE-2026-3802

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T10:30:16Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object