Description
A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulation of the argument policyType can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.
Published: 2026-04-05
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A buffer overflow exists in the setAdvPolicyData function of the Destination Handler on the Tenda M3 router. By manipulating the policyType argument, an attacker can overwrite adjacent memory, yielding arbitrary code execution. This vulnerability is a classic example of CWE‑119 (Buffer Overflow) and CWE‑120 (Improper Validation of Array Index).

Affected Systems

The flaw is present only in the Tenda M3 firmware version 1.0.0.10. No other firmware releases were identified as affected by the vendor or in the published advisory. Devices running newer firmware are not known to be impacted.

Risk and Exploitability

The issue carries a CVSS score of 8.7, which marks it as high severity. EPSS data is unavailable and the exploit is not listed in the CISA KEV catalog. The advisory states the exploit has been published and can be triggered remotely via the /goform/setAdvPolicyData interface, so an attacker only needs network reachability to the router’s administrative endpoint to attempt exploitation.

Generated by OpenCVE AI on April 5, 2026 at 15:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from Tenda that addresses the setAdvPolicyData buffer overflow.

Generated by OpenCVE AI on April 5, 2026 at 15:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Tenda m3
Vendors & Products Tenda m3

Mon, 06 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sun, 05 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Description A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulation of the argument policyType can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.
Title Tenda M3 Destination setAdvPolicyData buffer overflow
First Time appeared Tenda
Tenda m3 Firmware
Weaknesses CWE-119
CWE-120
CPEs cpe:2.3:o:tenda:m3_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda m3 Firmware
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Tenda M3 M3 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-06T14:50:41.855Z

Reserved: 2026-04-04T14:26:11.706Z

Link: CVE-2026-5567

cve-icon Vulnrichment

Updated: 2026-04-06T14:41:51.250Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-05T13:17:14.707

Modified: 2026-04-07T13:20:35.010

Link: CVE-2026-5567

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-06T21:56:44Z

Weaknesses