MEDIUM 6.5

CVE-2026-36773: Tenda W3 Router Stack Overflow Denial of Service

A stack overflow vulnerability has been identified in Tenda W3 Wireless Router version 1.0.0.3(2204). The flaw exists in how the device processes the 'Go' parameter within its reboot function, allowing an attacker on the local network to send specially crafted input that causes the router to crash or become unresponsive. This is a denial-of-service issue—attackers cannot steal data or gain control, but they can disrupt network availability.

Source data · NVD / CISA · public domain

CVSS
3.1 · 6.5 MEDIUM · CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weaknesses (CWE)
CWE-121
Affected products
0 configuration(s)
Published / Modified
2026-06-09 / 2026-06-17

NVD description (verbatim)

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

1 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-36773 is a stack buffer overflow (CWE-121) in the ask_to_reboot function of the Tenda W3 router. The Go parameter fails to properly validate or bound input length before writing to stack memory, enabling stack corruption. An attacker with adjacent network access can trigger a crash by sending a malformed request containing an oversized Go parameter value. The vulnerability requires no authentication and no user interaction, making it trivial to exploit from any device on the same network segment.

Business impact

For organizations relying on Tenda W3 routers as network gateways or access points, this vulnerability introduces availability risk. An attacker could repeatedly crash the device, causing prolonged outages to dependent systems. In retail, hospitality, or small-office environments where internet uptime is critical, denial of service translates directly to revenue loss and customer experience degradation. The attack requires only network adjacency, not internet-level access, making it a concern primarily for internal threat actors, compromised devices on your network, or guests with network access.

Affected systems

Tenda W3 Wireless Router firmware version 1.0.0.3(2204) is confirmed vulnerable. Organizations should audit deployments of this specific model and firmware build. Verify whether your Tenda devices are running this exact version by accessing the router's administration interface. Determine whether any newer firmware versions are available directly from Tenda's support site and check release notes for security fixes.

Exploitability

Exploitability is straightforward for an attacker already on the same local network (adjacent network access per CVSS metrics). No authentication is required, no user interaction is needed, and the attack is deterministic—sending a malformed request reliably triggers the crash. However, the vulnerability is not remotely exploitable over the internet; the attacker must be on the LAN or have compromised another device on that network. This lowers the threat from external threat actors but elevates risk from insider threats or compromised guest devices.

Remediation

Contact Tenda support or visit their download center to obtain a firmware update for the W3 router that addresses CVE-2026-36773. Apply the patch to all affected units. If a firmware update is not immediately available, consider implementing network access controls to restrict which devices can reach the router's management interface, or temporarily isolate the affected router to a VLAN with limited trust.

Patch guidance

Obtain the latest firmware for the Tenda W3 from Tenda's official support portal, verifying you have the correct model and region-specific build. Back up your router configuration before upgrading. Follow Tenda's documented firmware update procedure (usually via the web admin console or dedicated update tool) and allow the device to fully reboot. After patching, confirm the new firmware version is reported correctly in the device settings and test basic connectivity to ensure no regression.

Detection guidance

Monitor Tenda router logs for repeated reset or crash events, particularly if correlated with unusual requests to the reboot function. Network-level detection is challenging since the trigger is a crafted HTTP or API request to an internal-only endpoint. Consider enabling verbose logging on the router if available. Host-based detection on systems dependent on the router (elevated latency, connection drops) may indicate an active attack. Periodically verify the firmware version across all Tenda devices in inventory to identify unpatched units.

Why prioritize this

Although the CVSS score is medium (6.5) and the vulnerability does not enable data theft or code execution, it represents a direct availability threat to critical network infrastructure. For environments where router uptime is operationally essential, denial of service on a network gateway is effectively a critical impact event. Prioritize patching if your organization depends on this router for production traffic; deprioritize only if the device is isolated, redundant, or used for non-critical purposes.

Risk score, explained

The CVSS 3.1 vector AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H reflects: Attack Vector (Adjacent network) limits exposure to same LAN only; Attack Complexity (Low) indicates the crash is reliable and easy to trigger; Privilege Required and User Interaction (None) show no barriers to exploitation; Scope (Unchanged) and Confidentiality/Integrity (None) indicate no data breach or system compromise; Availability (High) confirms severe disruption. The medium severity reflects the local-only attack surface offsetting the complete availability impact.

Frequently asked questions

Can this vulnerability be exploited from the internet?

No. The CVSS vector specifies Adjacent Network access, meaning the attacker must be on the same local network segment as the router. They cannot exploit it remotely over the internet.

Do I need user credentials to trigger this attack?

No. The vulnerability requires no authentication or user interaction. Any device on the network can send the malicious request.

What happens if the router is attacked—is my data at risk?

No. This is a denial-of-service vulnerability only. It cannot be used to steal data, access your network, or compromise the router itself. The impact is that the router crashes and you lose internet connectivity until it reboots.

How do I know if my Tenda W3 is vulnerable?

Check the firmware version in your router's web admin interface (usually under System Settings or About). If it shows v1.0.0.3(2204), you are vulnerable. Contact Tenda support to obtain an updated firmware build and verify it patches this CVE.

This vulnerability intelligence is provided for informational purposes. Security teams should verify all remediation steps, patch versions, and vendor guidance against official Tenda advisories and their own environment before deployment. No exploit code is provided or endorsed. Tenda and SEC.co are independent; this analysis is not an official Tenda security advisory. Always test patches in a controlled environment before production rollout. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).