Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
Tenda W3 Router: Local Network Access Risk
CVE-2026-3972
Summary
A security hole in the Tenda W3 router's settings could allow a nearby user to access and potentially take control of the device. This is a concern for anyone who uses this router, as it could lead to unauthorized changes or even a complete takeover. To mitigate this risk, users should update their router to the latest available version or consider replacing it with a more secure model.
Original title
A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument fun...
Original description
A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The attack can only be performed from the local network. The exploit has been made public and could be used.
nvd CVSS2.0
8.3
nvd CVSS3.1
8.8
nvd CVSS4.0
8.7
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026