Description
A vulnerability was identified in Tenda W3 1.0.0.3(2204). It affects the function formSetAutoPing of the file /goform/setAutoPing in the POST Parameter Handler component. Manipulation of the argument ping1/ping2 causes a stack-based buffer overflow. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used.
Published: 2026-03-12
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow in the formSetAutoPing function of the Tenda W3 1.0.0.3(2204) firmware. Manipulating the POST parameters ping1 or ping2 overflows a stack buffer, which can potentially allow an attacker to inject and execute arbitrary code or crash the router. The weakness is identified as CWE-119 and CWE-121.

Affected Systems

The affected vendor is Tenda and the affected product is the W3. The vulnerable firmware version is 1.0.0.3(2204). No other versions are listed.

Risk and Exploitability

The CVSS 4.0 score is 8.7 (High). The EPSS score is below 1%, meaning the modelled probability of exploitation in the near term is low. The vulnerability is not listed in CISA's KEV catalog. The attack can be carried out remotely via the web interface by sending crafted POST requests to /goform/setAutoPing; the CVSS vectors recorded for this CVE specify that low privileges are required (PR:L). Public exploits are available on GitHub and VulDB, confirming that remote exploitation is possible.

Generated by OpenCVE AI on March 18, 2026 at 15:21 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Check for and apply the latest official firmware update from Tenda for the W3 device.
  • If a patch is unavailable, restrict remote access to the router's web interface or disable the auto ping feature.



Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Tenda w3 Firmware |
| Weaknesses | | CWE-787 |
| CPEs | | cpe:2.3:h:tenda:w3:-:*:*:*:*:*:*:* |
| | | cpe:2.3:o:tenda:w3_firmware:1.0.0.3\(2204\):*:*:*:*:*:*:* |
| Vendors & Products | | Tenda w3 Firmware |

Thu, 12 Mar 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Thu, 12 Mar 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Tenda |
| | | Tenda w3 |
| Vendors & Products | | Tenda |
| | | Tenda w3 |

Thu, 12 Mar 2026 02:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A vulnerability was identified in Tenda W3 1.0.0.3(2204). It affects the function formSetAutoPing of the file /goform/setAutoPing in the POST Parameter Handler component. Manipulation of the argument ping1/ping2 causes a stack-based buffer overflow. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used. |
| Title | | Tenda W3 POST Parameter setAutoPing formSetAutoPing stack-based overflow |
| Weaknesses | | CWE-119 |
| | | CWE-121 |
| References | | |
| Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'} |
| | | cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'} |
| | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'} |
| | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-12T16:22:48.432Z

Reserved: 2026-03-11T14:01:21.742Z

Link: CVE-2026-3973

Vulnrichment

Updated: 2026-03-12T16:22:44.684Z

NVD

Status: Analyzed

Published: 2026-03-12T02:15:58.817

Modified: 2026-04-02T20:07:55.283

Link: CVE-2026-3973

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:36:18Z

Weaknesses