CVE-2026-36770: Tenda Router Stack Overflow DoS Vulnerability
A stack overflow vulnerability exists in Tenda US_W3V1.0BR wireless router firmware version 1.0.0.3. The flaw is in the ask_to_reboot function's handling of the Go parameter, allowing attackers to send specially crafted input that causes the router to crash or become unresponsive. This is a remote attack that requires no authentication or user interaction, making it practical to exploit at scale.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Weaknesses (CWE)
- CWE-121
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-09 / 2026-06-17
NVD description (verbatim)
Shenzhen Tenda Technology Co., Ltd Tenda US_W3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
1 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-36770 is a stack-based buffer overflow (CWE-121) in the ask_to_reboot function of the Tenda US_W3V1.0BR router running firmware v1.0.0.3. The Go parameter fails to validate input length before copying data onto the stack, creating conditions for memory corruption. The vulnerability is network-accessible and does not require prior authentication. Attackers can craft HTTP or network requests containing oversized Go parameter values to trigger the overflow, resulting in denial of service through crash or resource exhaustion. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) reflects a high-severity impact on availability with no direct confidentiality or integrity compromise.
Business impact
Affected organizations lose router availability and network connectivity during an attack, disrupting business operations and user access. Home and small-office networks become unreachable, potentially affecting productivity and remote work. While the vulnerability does not enable data theft or system compromise, the denial of service impact can be severe if multiple routers are targeted in an environment. Organizations relying on affected Tenda routers for critical network functions face operational risk until patches are deployed.
Affected systems
Tenda US_W3V1.0BR wireless router firmware version 1.0.0.3 is confirmed vulnerable. The vendor did not provide a confirmed list of affected product families or regions in available disclosures. Organizations should verify whether their Tenda router model and firmware version match the identified configuration and check the vendor's security advisory for clarification on which other models may be similarly impacted.
Exploitability
This vulnerability is straightforward to exploit. No authentication, user interaction, or special privileges are required; the attack is purely network-based. An attacker can send a single crafted request to a router's web management interface or vulnerable network service to trigger the stack overflow. The barrier to exploitation is low, and proof-of-concept development is relatively straightforward for researchers with buffer overflow expertise. However, the vulnerability is not currently tracked in the CISA Known Exploited Vulnerabilities (KEV) catalog, suggesting active exploitation in the wild has not been publicly confirmed as of the last update.
Remediation
Firmware patching is the definitive remediation. Organizations should contact Tenda or consult the vendor's security advisories to identify and deploy the patched firmware version that addresses stack overflow in the ask_to_reboot function. Until patches are available and deployed, network segmentation can limit exposure by restricting direct access to router management interfaces from untrusted networks. Disabling remote management features where not operationally necessary further reduces the attack surface.
Patch guidance
Check the Tenda support portal and recent security advisories for firmware updates addressing CVE-2026-36770. Firmware updates typically require the router to be accessed via web management interface (usually http://192.168.0.1 or similar) with administrative credentials. Before patching, back up router configuration to avoid loss of settings. Verify the patch version number against official Tenda documentation to ensure you are installing a version confirmed to remediate this specific vulnerability. Test the patched router in a non-production environment if possible before rolling out to critical deployments.
Detection guidance
Network detection should focus on unusual or oversized requests to the router's web interface, particularly to functions like ask_to_reboot. Look for HTTP requests with abnormally long Go parameter values, repeated crashes of the router device, or sudden resets that correlate with external network activity. Endpoint and network monitoring should flag routers unexpectedly rebooting or becoming unresponsive when previously stable. Implement rate limiting on router management interfaces to slow down brute-force or DoS attempts. Enable router logging and review logs for stack trace errors or memory corruption indicators if the firmware supports such diagnostics.
Why prioritize this
This vulnerability merits immediate attention due to its HIGH CVSS score (7.5), ease of exploitation (no authentication required, network-accessible), and impact on network availability. While not yet confirmed as actively exploited in the wild, the combination of low exploitation complexity and high availability impact makes it attractive to threat actors. Any organization running the identified firmware version should prioritize patching to restore resilience and reduce the window of vulnerability exposure.
Risk score, explained
The CVSS 3.1 score of 7.5 (HIGH) reflects the complete unavailability impact (A:H) of a remotely exploitable denial-of-service condition with no authentication or user interaction requirements (AV:N/PR:N/UI:N). The attack complexity is low (AC:L), and the scope is unchanged (S:U). No confidentiality or integrity compromise is possible through this vector alone, which prevents the score from reaching critical; however, the combination of remote accessibility, ease of exploitation, and impact to a critical network component justifies the high severity rating.
Frequently asked questions
Can this vulnerability be exploited to steal data or compromise my network?
No. The vulnerability causes denial of service through crashes; it does not enable remote code execution, data exfiltration, or authentication bypass. However, an attacker who crashes your router can disrupt your network connectivity, which may have downstream impacts on your organization's operations.
Do I need to physically access the router to patch it?
No. Once a patched firmware version is released by Tenda, you can typically update the router remotely through its web management interface using standard administrative access. Always verify the patch source is official Tenda documentation to avoid deploying malicious or counterfeit firmware.
What if my router model is not explicitly listed in Tenda's advisory?
Contact Tenda support or check their security page directly. While only the US_W3V1.0BR v1.0.0.3 is confirmed in the CVE, other Tenda models may share similar code. The vendor's advisory should clarify the scope. Do not assume your model is safe if it is not mentioned; verify actively.
Is this vulnerability being actively exploited?
As of the last update, this vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog, meaning there is no confirmed public evidence of active exploitation. However, that does not mean exploitation is impossible; it means it has not yet been widely detected or reported. Prompt patching is still recommended.
This analysis is based on the vulnerability record as of the last update. Vendor advisories, patch status, and exploitation reports may change. Always verify patch availability and compatibility with your specific router model against official Tenda documentation before deployment. This intelligence is provided for security awareness and remediation planning; it is not a substitute for professional security assessment or vendor support. No exploit code or weaponized proof-of-concept is provided or referenced. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2018-25383HIGHFree MP3 CD Ripper 2.8 Stack Overflow – ROP and DEP Bypass Risk
- CVE-2025-52292HIGHGPAC MP4Box Stack Buffer Overflow Denial of Service
- CVE-2025-66280HIGHQNAP Integer Overflow Vulnerability: Patch & Risk Assessment
- CVE-2026-10062HIGHTRENDnet TEW-432BRP Stack Overflow – EOL Hardware Risk
- CVE-2026-10063HIGHTRENDnet TEW-432BRP Stack Overflow – End-of-Life Router Vulnerability
- CVE-2026-10065HIGHShibby Tomato 1.28 Stack Buffer Overflow in tomatodata.cgi
- CVE-2026-10066HIGHShibby Tomato Stack Buffer Overflow in UPS Service (RCE)
- CVE-2026-10067HIGHShibby Tomato 1.28 Stack Buffer Overflow in multimon.cgi