CVE-2026-36770: Shenzhen Tenda Technology Co
Shenzhen Tenda Technology Co., Ltd Tenda US_W3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Metrics
- CVSS v3.1
- 7.5
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
HarborGuard Analysis
Synopsis
A stack-based buffer overflow in the Tenda US_W3V1.0BR (firmware v1.0.0.3) allows an unauthenticated attacker to crash the device by sending a crafted value in the Go parameter of the ask_to_reboot function. The vulnerability is reachable over the network with no authentication required and no victim interaction needed. Successful exploitation causes a denial of service, taking the affected device offline. No fix version has been published; HarborGuard tracks the advisory and will make a patched rebuild available as soon as upstream ships a fix.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built firmware images that bundle the affected Tenda component. No manual intervention is needed to trigger the scan.
AvailableHarborGuard scores this CVE at 7.5 HIGH (CVSS v3.1) and can weight that score against each environment's compliance policy to determine urgency and route alerts to the appropriate team or inbox inside the customer org.
AvailableNo fix version has been published by the vendor. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment an upstream fix is released. For customers with auto-remediation enabled, a rebuild, regression run, and PR against affected workloads will be triggered automatically at that point.
Pending upstreamExploit Conditions
- Network reachabilityRequired
The vulnerable ask_to_reboot endpoint is exposed over the network, so the attacker must be able to send HTTP requests to the device's management interface.
- AuthenticationNot required
No credentials or session token are needed; the crafted Go parameter can be submitted by any unauthenticated client.
- Victim interactionNot required
The attacker sends a single crafted request directly to the device; no user action or click is required.
- Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and straightforward with no race conditions or special environmental factors required.
Blast Radius
- Crashes the affected Tenda US_W3V1.0BR device, causing a complete loss of availability for all traffic routed through it.
- Brings down any network segment or workload that depends on the device for connectivity until it is manually rebooted or power-cycled.
How HarborGuard Handles This
Available on HarborGuard: because no upstream fix exists yet, the focus is on detection and compensating controls. Scans run continuously and will flag any image or firmware bundle containing the affected Tenda component version. While awaiting a vendor patch, teams can apply network-policy isolation to restrict access to the device's management interface to trusted source IPs only, and egress filtering can limit exposure of the affected endpoint to the broader network. HarborGuard re-checks the advisory on every ingest cycle; the moment the vendor publishes a patched firmware version, a rebuilt image becomes available, and for customers who opt into auto-remediation, a regression-tested rebuild and PR against affected workloads are opened automatically.
- n/a / n/an/a
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H