Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
Tenda W3 Router Allows Remote Code Execution
CVE-2026-3976
Summary
A flaw in the Tenda W3 router's configuration tool allows an attacker to execute malicious code remotely. This could lead to unauthorized access and control of the router. Update the router's firmware to the latest version to fix the issue.
Original title
A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a man...
Original description
A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
- https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-formWifiMacFilterSet-go-...
- https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-formWifiMacFilterSet-ind...
- https://vuldb.com/?ctiid.350411
- https://vuldb.com/?id.350411
- https://vuldb.com/?submit.769179
- https://vuldb.com/?submit.769180
- https://www.tenda.com.cn/
Published: 12 Mar 2026 · Updated: 14 Mar 2026 · First seen: 12 Mar 2026