Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
Tenda W3 Router: Unsecured Remote Code Execution
CVE-2026-3973
Summary
A vulnerability in the Tenda W3 router's settings feature could allow hackers to remotely execute code, potentially taking control of the device. This means a malicious attack could be carried out from anywhere, and it's already been shared publicly. To stay safe, update to the latest firmware version or consider replacing the device with a more secure one.
Original title
A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component POST Parameter Handler. This manipulation of the...
Original description
A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component POST Parameter Handler. This manipulation of the argument ping1/ping2 causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
- https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-setautoping-ping1-buffer...
- https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-setautoping-ping2-buffer...
- https://vuldb.com/?ctiid.350408
- https://vuldb.com/?id.350408
- https://vuldb.com/?submit.769173
- https://vuldb.com/?submit.769176
- https://www.tenda.com.cn/
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026