HIGH 7.5

CVE-2026-36793: Tenda W3 Router Stack Overflow DoS Vulnerability

A stack overflow vulnerability has been identified in Tenda W3 Wireless Router firmware version 1.0.0.3(2204). The flaw resides in how the router processes wireless network configuration requests, specifically when handling SSID (network name) parameters. An attacker can send a specially crafted network request to trigger a crash that knocks the router offline, disrupting network connectivity for all connected devices. No user interaction or authentication is required to exploit this issue.

Source data · NVD / CISA · public domain

CVSS
3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weaknesses (CWE)
CWE-121
Affected products
0 configuration(s)
Published / Modified
2026-06-09 / 2026-06-17

NVD description (verbatim)

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the formwrlSSIDset function via the mit_ssid and mis_ssid_index parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

2 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-36793 is a stack buffer overflow in the formwrlSSIDset function of Tenda W3 Wireless Router v1.0.0.3(2204). The vulnerability stems from insufficient bounds checking on the mit_ssid and mis_ssid_index parameters when processing HTTP requests to the router's web interface. Stack buffer overflows occur when user-supplied data exceeds the allocated memory space on the call stack, potentially overwriting adjacent memory and causing application crashes or, in some scenarios, enabling code execution. In this case, the vulnerability manifests as denial of service. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) reflects network-accessible attack surface, low complexity, no privileges required, and complete availability impact.

Business impact

An attacker exploiting this vulnerability can remotely force the Tenda W3 router to crash, rendering it unable to route traffic. For organizations or homes relying on this router for network connectivity, the impact is immediate service disruption. If the router is not monitored for availability or lacks automatic recovery mechanisms, downtime could extend until manual intervention restarts the device. In enterprise deployments where this router model might serve as an edge or branch device, such outages disrupt employee productivity and potentially interrupt critical operations. The vulnerability does not compromise confidentiality or integrity of data in transit, but availability impact alone constitutes significant operational risk.

Affected systems

Tenda W3 Wireless Router firmware version 1.0.0.3(2204) is confirmed vulnerable. Organizations should check their deployed Tenda W3 units for this specific firmware version. Tenda has not provided a list of affected firmware versions beyond the one mentioned; users running older or newer versions should verify whether patches or firmware updates address this issue by consulting the vendor advisory and release notes.

Exploitability

This vulnerability is straightforward to exploit. The attack requires only network access to the router's HTTP interface—a capability any device on the network or, if the router's web management interface is exposed to the internet, any remote attacker can achieve. No authentication is required, and no user interaction is needed. The simplicity and lack of prerequisites make this a high-priority concern, though it is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, meaning active exploitation in the wild has not been formally documented at the time of publication.

Remediation

Firmware patching is the primary remediation. Users should immediately check Tenda's support website for an updated firmware version addressing CVE-2026-36793 and apply it to their W3 routers. In parallel, network segmentation can limit exposure: restrict access to the router's web management interface to trusted administrative networks only, and disable remote management if it is enabled and not required. For affected organizations, prioritize patching devices exposed to untrusted networks or used in critical connectivity paths.

Patch guidance

Consult the official Tenda support portal and security advisories to identify the patched firmware version for the W3 router. Firmware updates for Tenda routers are typically available through the device's web interface under system settings or via the manufacturer's website. Before deploying any firmware update in a production environment, test it in a non-critical setting to ensure compatibility and stability. Document the firmware version before and after the update for audit purposes.

Detection guidance

Monitor router logs for HTTP requests containing unusually long or malformed SSID parameters (mit_ssid or mis_ssid_index fields). Network-based intrusion detection systems (IDS) can be configured to alert on suspicious HTTP requests to the router's management interface. Endpoint detection and response (EDR) tools on devices managing the router may flag unexpected crashes or restarts of the management process. Regular availability monitoring of the router (ping, HTTP health checks) can detect DoS events. Additionally, implement network access controls to limit which devices and IP ranges can reach the router's web interface.

Why prioritize this

This vulnerability merits high-priority attention due to its network-accessible nature, lack of authentication requirements, and immediate availability impact. While not yet documented in active exploitation campaigns, the low barrier to entry and potential for widespread disruption in networks using Tenda W3 routers mean it should be addressed promptly. Organizations should prioritize patching before the vulnerability becomes weaponized.

Risk score, explained

The CVSS 3.1 score of 7.5 (HIGH) reflects a network-accessible vulnerability with low attack complexity and complete loss of availability. The absence of confidentiality and integrity impact prevents a CRITICAL rating, but the ease of exploitation and network-wide consequences justify the HIGH severity classification. For a small office or home router, availability loss is disruptive; for a business-critical edge device, it is severe.

Frequently asked questions

Can this vulnerability leak data from my router or network?

No. The vulnerability causes denial of service (crash) only and does not compromise confidentiality or integrity. Attackers cannot read stored credentials, intercept traffic, or modify configurations through this specific flaw. However, the resulting downtime may indirectly impact security monitoring or access controls.

Do all Tenda W3 routers have this vulnerability?

Only firmware version 1.0.0.3(2204) is confirmed vulnerable. Other firmware versions—older or newer—may or may not be affected. Check the Tenda support website for your specific device's current firmware version and verify which versions include this fix.

Can I defend against this without patching immediately?

Temporary mitigations include disabling remote access to the router's web management interface, restricting access to the interface from trusted IPs only, and monitoring for availability anomalies. However, these measures do not eliminate the vulnerability; local network users could still exploit it. Patching is the definitive solution.

Is this vulnerability being actively exploited?

As of the published date, CVE-2026-36793 is not listed in CISA's Known Exploited Vulnerabilities catalog, meaning no formally documented active exploitation has been reported. However, the low barrier to entry means exploitation could begin at any time, so proactive patching is essential.

This analysis is provided for informational purposes and does not constitute security advice or endorsement. Verify all remediation guidance, patch version numbers, and product compatibility against official vendor advisories and release notes before implementing changes. The vulnerability details and severity assessment reflect information available at the time of publication; threat landscape and patch availability may evolve. Organizations should conduct independent risk assessments based on their specific infrastructure and operational context. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).