CVE-2026-36779: Tenda O3 Router Stack Overflow DoS Vulnerability – HIGH Severity
A vulnerability in Tenda O3 Wireless Router firmware version 1.0.0.5(4180) allows attackers to crash the device remotely without authentication. Multiple stack overflow flaws in the fromVirtualSer function can be triggered via specially crafted HTTP requests, resulting in denial of service. An attacker on the network can send malicious traffic to render the router unavailable.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Weaknesses (CWE)
- CWE-121
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-09 / 2026-06-17
NVD description (verbatim)
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain multiple stack overflows in the fromVirtualSer function via the puVar2, puVar1, __s2, __s1_00, and puVar3 parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
2 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-36779 involves multiple stack buffer overflows (CWE-121) within the fromVirtualSer function of Tenda O3 v1.0.0.5(4180). The vulnerable parameters—puVar2, puVar1, __s2, __s1_00, and puVar3—lack proper bounds checking on attacker-controlled input passed through HTTP requests. Stack corruption leads to process crash and device unavailability. The attack vector is network-based with no privilege or user interaction required, making it trivially exploitable by any unauthenticated remote actor.
Business impact
Affected organizations experience router unavailability, disrupting network connectivity for end users and potentially interrupting business operations. Repeated exploitation can force IT teams into reactive incident response cycles. While the vulnerability does not enable data theft or system compromise, the availability impact is material—an unreachable gateway affects all dependent network services. Organizations relying on Tenda O3 devices for branch office or remote site connectivity face risk of extended downtime if patches are delayed.
Affected systems
Tenda O3 Wireless Router firmware version 1.0.0.5(4180) is confirmed vulnerable. Organizations should verify whether they operate this specific model and firmware revision. Tenda has not publicly disclosed which firmware versions prior to or after 1.0.0.5(4180) are affected; consult vendor advisories for clarification on the full scope of impacted releases.
Exploitability
Exploitation is straightforward and requires no authentication, special privileges, or user interaction. An attacker needs only network access to the router's HTTP service and the ability to craft a malicious HTTP request. No exploit code or advanced techniques are required. The CVSS score of 7.5 reflects the ease of triggering a denial of service from across the network. However, this vulnerability does not grant code execution or administrative access—it is strictly a DoS vector.
Remediation
Immediate action: Verify which Tenda O3 devices in your environment are running firmware v1.0.0.5(4180). Contact Tenda support or check their website for patched firmware releases that address the stack overflow flaws in the fromVirtualSer function. Until a patch is available, consider restricting HTTP access to the router management interface via network segmentation or firewall rules. Monitor vendor security advisories for official fixed firmware versions.
Patch guidance
Tenda has not yet published verified patched firmware versions in this advisory. Organizations should monitor Tenda's official support portal and security announcements for updated firmware releases. When a fix is released, follow Tenda's standard firmware update procedures, which typically involve accessing the router's web interface, uploading the new firmware file, and allowing the device to reboot. Test patched firmware in a non-production environment first to ensure stability and rule out regressions.
Detection guidance
Monitor network traffic for unusual or malformed HTTP requests sent to router management ports (typically 80 or 8080). Look for requests with abnormally long parameter values or unexpected payloads in fromVirtualSer-related functions if router request logs are accessible. Observe router system logs for signs of process crashes or unexpected reboots correlated with inbound HTTP activity. Intrusion detection systems may flag stack overflow attack patterns if rules are tuned for buffer overflow exploitation attempts. Check router uptime logs for unexplained resets that might indicate exploitation in progress.
Why prioritize this
HIGH severity (CVSS 7.5) combined with trivial exploitability and no authentication barriers justifies immediate prioritization. Although this is not yet listed on CISA's Known Exploited Vulnerabilities (KEV) catalog, the low barrier to exploitation and network-accessible nature mean active exploitation could begin shortly after public disclosure. Organizations operating Tenda O3 routers should prioritize inventory and patching to minimize the window of vulnerability.
Risk score, explained
The CVSS 3.1 score of 7.5 reflects: network-based attack vector (AV:N), low attack complexity (AC:L), no privilege requirements (PR:N), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), no integrity impact (I:N), but high availability impact (A:H). The score does not account for the prevalence of Tenda O3 deployment or the potential for widespread, synchronized exploitation. Organizations should supplement CVSS with context-specific risk assessments that factor in device inventory, network exposure, and operational criticality.
Frequently asked questions
Can this vulnerability lead to data breach or unauthorized access to my router settings?
No. The stack overflow causes a denial of service only—the router crashes and becomes unavailable. The vulnerability does not enable code execution, privilege escalation, or authentication bypass. Attackers cannot read stored credentials, Wi-Fi keys, or configuration data through this flaw.
Is there a workaround if I cannot patch immediately?
Restrict network access to the router's HTTP management interface using firewall rules or network segmentation. Limit which internal or external IP addresses can reach the router's web console. If the device is Internet-facing, consider placing it behind a reverse proxy or WAF that can filter malformed HTTP requests. However, these are temporary mitigations; patching remains the permanent solution.
How do I check if my Tenda O3 is running the vulnerable firmware version?
Log into your Tenda O3 router's web interface, navigate to System Settings or Device Information, and note the firmware version number. If it shows v1.0.0.5(4180), your device is confirmed vulnerable. Consult Tenda's support website or contact their customer service to determine when a patched firmware version will be available for your specific model.
Will this vulnerability affect my Wi-Fi connectivity if exploited?
Yes. A successful attack triggers a router crash, which interrupts all services the router provides—Wi-Fi broadcast, wired LAN switching, and Internet gateway functions all stop. Users lose connectivity until the device reboots and recovers, typically within a few minutes. Repeated attacks could create a denial-of-service loop.
This analysis is based on vulnerability data current as of June 2026. Patch status, affected firmware versions, and mitigation guidance may change as vendors release updates. Organizations should verify all technical claims against official Tenda advisories and security bulletins before implementing remediation. No exploit code is provided or endorsed. This content is for informational purposes and does not constitute legal, compliance, or professional security advice. Consult your organization's security team and vendor support for environment-specific guidance. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2018-25383HIGHFree MP3 CD Ripper 2.8 Stack Overflow – ROP and DEP Bypass Risk
- CVE-2025-52292HIGHGPAC MP4Box Stack Buffer Overflow Denial of Service
- CVE-2025-66280HIGHQNAP Integer Overflow Vulnerability: Patch & Risk Assessment
- CVE-2026-10062HIGHTRENDnet TEW-432BRP Stack Overflow – EOL Hardware Risk
- CVE-2026-10063HIGHTRENDnet TEW-432BRP Stack Overflow – End-of-Life Router Vulnerability
- CVE-2026-10065HIGHShibby Tomato 1.28 Stack Buffer Overflow in tomatodata.cgi
- CVE-2026-10066HIGHShibby Tomato Stack Buffer Overflow in UPS Service (RCE)
- CVE-2026-10067HIGHShibby Tomato 1.28 Stack Buffer Overflow in multimon.cgi