CVE-2026-36777: Tenda W3 Router Stack Overflow DoS Vulnerability
A stack overflow vulnerability exists in Tenda W3 wireless routers (version 1.0.0.3 Build 2204) that can be triggered via a specially crafted HTTP request. An attacker on the same network can send malicious input to crash the router, causing a temporary denial of service. The vulnerability does not compromise confidentiality or allow unauthorized access—it purely impacts availability.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 6.5 MEDIUM · CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Weaknesses (CWE)
- CWE-121
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-09 / 2026-06-17
NVD description (verbatim)
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the param_1 parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
1 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-36777 is a stack-based buffer overflow (CWE-121) located in the formSetCfm function's param_1 parameter within the Tenda W3 router firmware. The vulnerability stems from insufficient bounds checking on user-supplied HTTP input. When oversized data is written to the stack, it overwrites critical return addresses or control structures, triggering a crash. The attack vector is network-adjacent (AV:A), requires no authentication (PR:N), no user interaction (UI:N), and produces high impact to availability (A:H). CVSS v3.1 base score is 6.5 (Medium).
Business impact
Router crashes disrupt internal network connectivity and productivity. Each DoS incident may require manual device restart, consuming IT time and creating user frustration. For organizations relying on Tenda W3 routers for branch office or remote access infrastructure, repeated attacks could degrade service continuity. The impact is primarily operational rather than data-related, but repeated incidents compound support costs.
Affected systems
Tenda W3 wireless routers running firmware version 1.0.0.3 Build 2204 are confirmed vulnerable. Other firmware versions have not been explicitly confirmed as affected or patched in available vendor advisories; verification against Tenda's official documentation is recommended. The vulnerability requires network proximity to the router, limiting exposure to local or adjacent network segments.
Exploitability
The vulnerability is readily exploitable by any attacker with network access to the device. Attack complexity is low (AC:L)—a single HTTP request with an oversized param_1 parameter is sufficient to trigger the crash. No exploit code, special tools, or social engineering are required. However, the attack is limited to adjacent networks (AV:A), not the internet-facing side, reducing external threat likelihood unless the router's management interface is exposed.
Remediation
Contact Tenda Support to obtain firmware updates newer than build 2204 for the W3 router. Implement network segmentation to restrict HTTP access to the router's management interface. Use firewall rules to allow administrative access only from trusted subnets. Consider deploying intrusion prevention signatures to detect oversized HTTP payloads targeting the router. Monitor router uptime and restart logs for signs of repeated crashes.
Patch guidance
Check the Tenda support portal for W3 router firmware updates released after June 2026. Apply any available patches as they become available. During the interim, isolate the router's management interface on a protected management VLAN with strict access controls. Verify patch installation by confirming firmware version in the router's web interface settings. Test connectivity after patching to ensure no regression.
Detection guidance
Monitor network traffic for HTTP POST requests to the router's management interface with unusually large param_1 values or payloads exceeding normal configuration sizes. Set up alerts on router uptime and crash logs—unexpected reboots correlate with successful exploit attempts. Intrusion detection systems should flag payloads exceeding typical parameter boundaries sent to the formSetCfm endpoint. Passive monitoring of console logs and syslog output can reveal stack-related errors preceding crashes.
Why prioritize this
Although categorized as Medium severity, prioritization depends on deployment context. Organizations using Tenda W3 routers in production should prioritize patching because availability disruptions directly impact users. Networks with tight access controls limiting nearby attackers can defer remediation if patches are unavailable. The lack of data breach risk and requirement for network adjacency reduce criticality compared to remote code execution vulnerabilities, but operational impact justifies timely action.
Risk score, explained
CVSS 6.5 reflects a vulnerability with high impact on availability (A:H), balanced by a restricted attack surface (AV:A, adjacent network only). The lack of confidentiality or integrity impact (C:N, I:N) caps the score despite full availability compromise. In isolated or well-segmented networks, actual risk may be lower; in flat networks where many devices sit adjacent to the router, risk increases. This is a DoS-class vulnerability rather than a code execution threat.
Frequently asked questions
Can this vulnerability be exploited from the internet?
No. The attack requires network adjacency (AV:A), meaning the attacker must be on the same local network or connected via an adjacent subnet. Internet-facing exploitation is not possible unless the router's management interface is explicitly exposed to the public network, which would violate standard deployment practices.
Does this vulnerability lead to data theft or unauthorized access?
No. The vulnerability causes only a denial of service (router crash). It does not compromise confidentiality (C:N) or integrity (I:N), and does not grant attackers command execution or access to stored configuration data or network traffic.
Which Tenda W3 firmware versions are affected?
Version 1.0.0.3 Build 2204 is confirmed vulnerable. Other build numbers have not been explicitly confirmed in the disclosed information. Contact Tenda or consult their security advisory to determine which other versions require patching and which versions contain fixes.
What is the practical impact of a crash?
The router will reboot or become unresponsive, disrupting network connectivity for devices relying on it. Users on that network may lose internet access or LAN connectivity until the device recovers or is manually restarted. In high-availability environments, this can trigger cascading failures.
This analysis is provided for informational purposes. SEC.co makes no warranty regarding the accuracy or completeness of information regarding patches, affected versions, or vendor availability beyond what is documented in official advisories. Organizations should verify all claims against Tenda's official security bulletins and consult with their security teams before implementing changes. This vulnerability requires network adjacency to exploit and does not enable remote code execution. No proof-of-concept or weaponized exploit code is provided or endorsed. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2025-59613MEDIUMQualcomm Memory Corruption Vulnerability – Firmware Security Impact
- CVE-2025-62858MEDIUMQNAP Buffer Overflow (QTS / QuTS hero) – Patch Now
- CVE-2026-0413MEDIUMNETGEAR Orbi Buffer Overflow Firmware Vulnerability
- CVE-2026-10064MEDIUMTRENDnet TEW-432BRP Stack Overflow – Unpatched EOL Router Vulnerability
- CVE-2026-11793MEDIUM389 Directory Server Stack Buffer Overflow in Password Parsing
- CVE-2026-1871MEDIUMTP-Link Tapo C200 v5 RTSP Buffer Overflow DoS Vulnerability
- CVE-2026-35716MEDIUMVIVOTEK FD8136 Stack Buffer Overflow Remote Code Execution
- CVE-2026-35717MEDIUMVIVOTEK FD8136 Stack Buffer Overflow – Authenticated RCE Vulnerability