Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
Tenda W3 1.0.0.3(2204) allows remote code execution through HTTP request
CVE-2026-3974
Summary
A security weakness in the Tenda W3 router's HTTP Handler can be exploited by a remote attacker to potentially execute malicious code. This could give an attacker control over the router, potentially allowing them to access sensitive data or disrupt the network. To stay secure, update the router's software to the latest version.
Original title
A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of t...
Original description
A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026