CVE-2026-36773: Tenda W3 Router Stack Overflow Denial of Service
A stack overflow vulnerability has been identified in Tenda W3 Wireless Router version 1.0.0.3(2204). The flaw exists in how the device processes the 'Go' parameter within its reboot function, allowing an attacker on the local network to send specially crafted input that causes the router to crash or become unresponsive. This is a denial-of-service issue—attackers cannot steal data or gain control, but they can disrupt network availability.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 6.5 MEDIUM · CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Weaknesses (CWE)
- CWE-121
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-09 / 2026-06-17
NVD description (verbatim)
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
1 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-36773 is a stack buffer overflow (CWE-121) in the ask_to_reboot function of the Tenda W3 router. The Go parameter fails to properly validate or bound input length before writing to stack memory, enabling stack corruption. An attacker with adjacent network access can trigger a crash by sending a malformed request containing an oversized Go parameter value. The vulnerability requires no authentication and no user interaction, making it trivial to exploit from any device on the same network segment.
Business impact
For organizations relying on Tenda W3 routers as network gateways or access points, this vulnerability introduces availability risk. An attacker could repeatedly crash the device, causing prolonged outages to dependent systems. In retail, hospitality, or small-office environments where internet uptime is critical, denial of service translates directly to revenue loss and customer experience degradation. The attack requires only network adjacency, not internet-level access, making it a concern primarily for internal threat actors, compromised devices on your network, or guests with network access.
Affected systems
Tenda W3 Wireless Router firmware version 1.0.0.3(2204) is confirmed vulnerable. Organizations should audit deployments of this specific model and firmware build. Verify whether your Tenda devices are running this exact version by accessing the router's administration interface. Determine whether any newer firmware versions are available directly from Tenda's support site and check release notes for security fixes.
Exploitability
Exploitability is straightforward for an attacker already on the same local network (adjacent network access per CVSS metrics). No authentication is required, no user interaction is needed, and the attack is deterministic—sending a malformed request reliably triggers the crash. However, the vulnerability is not remotely exploitable over the internet; the attacker must be on the LAN or have compromised another device on that network. This lowers the threat from external threat actors but elevates risk from insider threats or compromised guest devices.
Remediation
Contact Tenda support or visit their download center to obtain a firmware update for the W3 router that addresses CVE-2026-36773. Apply the patch to all affected units. If a firmware update is not immediately available, consider implementing network access controls to restrict which devices can reach the router's management interface, or temporarily isolate the affected router to a VLAN with limited trust.
Patch guidance
Obtain the latest firmware for the Tenda W3 from Tenda's official support portal, verifying you have the correct model and region-specific build. Back up your router configuration before upgrading. Follow Tenda's documented firmware update procedure (usually via the web admin console or dedicated update tool) and allow the device to fully reboot. After patching, confirm the new firmware version is reported correctly in the device settings and test basic connectivity to ensure no regression.
Detection guidance
Monitor Tenda router logs for repeated reset or crash events, particularly if correlated with unusual requests to the reboot function. Network-level detection is challenging since the trigger is a crafted HTTP or API request to an internal-only endpoint. Consider enabling verbose logging on the router if available. Host-based detection on systems dependent on the router (elevated latency, connection drops) may indicate an active attack. Periodically verify the firmware version across all Tenda devices in inventory to identify unpatched units.
Why prioritize this
Although the CVSS score is medium (6.5) and the vulnerability does not enable data theft or code execution, it represents a direct availability threat to critical network infrastructure. For environments where router uptime is operationally essential, denial of service on a network gateway is effectively a critical impact event. Prioritize patching if your organization depends on this router for production traffic; deprioritize only if the device is isolated, redundant, or used for non-critical purposes.
Risk score, explained
The CVSS 3.1 vector AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H reflects: Attack Vector (Adjacent network) limits exposure to same LAN only; Attack Complexity (Low) indicates the crash is reliable and easy to trigger; Privilege Required and User Interaction (None) show no barriers to exploitation; Scope (Unchanged) and Confidentiality/Integrity (None) indicate no data breach or system compromise; Availability (High) confirms severe disruption. The medium severity reflects the local-only attack surface offsetting the complete availability impact.
Frequently asked questions
Can this vulnerability be exploited from the internet?
No. The CVSS vector specifies Adjacent Network access, meaning the attacker must be on the same local network segment as the router. They cannot exploit it remotely over the internet.
Do I need user credentials to trigger this attack?
No. The vulnerability requires no authentication or user interaction. Any device on the network can send the malicious request.
What happens if the router is attacked—is my data at risk?
No. This is a denial-of-service vulnerability only. It cannot be used to steal data, access your network, or compromise the router itself. The impact is that the router crashes and you lose internet connectivity until it reboots.
How do I know if my Tenda W3 is vulnerable?
Check the firmware version in your router's web admin interface (usually under System Settings or About). If it shows v1.0.0.3(2204), you are vulnerable. Contact Tenda support to obtain an updated firmware build and verify it patches this CVE.
This vulnerability intelligence is provided for informational purposes. Security teams should verify all remediation steps, patch versions, and vendor guidance against official Tenda advisories and their own environment before deployment. No exploit code is provided or endorsed. Tenda and SEC.co are independent; this analysis is not an official Tenda security advisory. Always test patches in a controlled environment before production rollout. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2025-59613MEDIUMQualcomm Memory Corruption Vulnerability – Firmware Security Impact
- CVE-2025-62858MEDIUMQNAP Buffer Overflow (QTS / QuTS hero) – Patch Now
- CVE-2026-0413MEDIUMNETGEAR Orbi Buffer Overflow Firmware Vulnerability
- CVE-2026-10064MEDIUMTRENDnet TEW-432BRP Stack Overflow – Unpatched EOL Router Vulnerability
- CVE-2026-11793MEDIUM389 Directory Server Stack Buffer Overflow in Password Parsing
- CVE-2026-1871MEDIUMTP-Link Tapo C200 v5 RTSP Buffer Overflow DoS Vulnerability
- CVE-2026-35716MEDIUMVIVOTEK FD8136 Stack Buffer Overflow Remote Code Execution
- CVE-2026-35717MEDIUMVIVOTEK FD8136 Stack Buffer Overflow – Authenticated RCE Vulnerability