CVE-2026-36771: Shenzhen Tenda Technology Co
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Metrics
- CVSS v3.1
- 7.5
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
HarborGuard Analysis
Synopsis
A stack-based buffer overflow exists in the Tenda W3 Wireless Router (firmware v1.0.0.3(2204)), specifically in the formwrlSSIDset function when processing the wl_radio parameter. The vulnerability is reachable over the network without any authentication, and requires no user interaction to trigger. Successful exploitation crashes the device, causing a denial of service. HarborGuard is tracking this advisory and will make a patched-image rebuild available as soon as an upstream fix is published.
HarborGuard Coverage
Detection for CVE-2026-36771 is available across every HarborGuard environment, with the CVE ingested from upstream feeds within minutes of publication and matched against images in customer registries and CI/CD pipelines, including custom-built images derived from affected firmware or base layers.
AvailableHarborGuard is capable of scoring this CVE at its CVSS v3.1 rating of 7.5 (HIGH) and weighting it against each environment's compliance policy, then routing findings to the appropriate team inbox within a customer org.
AvailableNo upstream fix version has been published for this CVE. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment the upstream vendor ships a fix, at which point customers with auto-remediation enabled can receive a rebuild, regression run, and PR opened against affected workloads automatically.
Pending upstreamExploit Conditions
- Network reachabilityRequired
The vulnerable function is exposed over the network, meaning an attacker must be able to reach the device's web interface from the network to send a crafted request.
- AuthenticationNot required
No credentials or account of any kind are required to send the malicious wl_radio parameter value to the affected endpoint.
- Victim interactionNot required
The attacker can trigger the stack overflow by sending a crafted HTTP request directly; no user action on the device is needed.
- Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and imposes no special conditions, race requirements, or environmental prerequisites on the attacker.
Blast Radius
- Crashes the Tenda W3 router process handling wireless SSID configuration, taking the device offline and dropping all traffic it routes.
- Disrupts network connectivity for every client behind the affected router for the duration of the outage.
- The overflow is confined to availability impact; confidentiality and integrity of stored data are not affected by this vulnerability.
How HarborGuard Handles This
Available on HarborGuard: this CVE is actively monitored with no fix version currently published by the vendor. HarborGuard ingests advisory updates on every cycle, so the moment Tenda publishes a patched firmware version, a rebuilt image becomes available and customers with auto-remediation enabled receive a rebuild, regression test run, and a PR opened against affected workloads automatically. In the absence of a vendor patch, customers can apply compensating controls such as restricting network-policy access to the router's management interface, applying egress filtering to limit exposure of the formwrlSSIDset endpoint, and auditing whether container workloads depend on or bundle the affected firmware layer so that scope can be narrowed until an upstream fix arrives.
- n/a / n/an/a
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H