Severity: HIGH | CVE-2026-36779 | CNA: mitre

CVE-2026-36779: Shenzhen Tenda Technology Co

Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain multiple stack overflows in the fromVirtualSer function via the puVar2, puVar1, __s2, __s1_00, and puVar3 parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Metrics

CVSS v3.1: 7.5
Severity: HIGH
Fixed in: none listed
Affected Products: 1

HarborGuard Analysis

Synopsis

Multiple stack-based buffer overflows exist in the Tenda O3 Wireless Router (firmware v1.0.0.5(4180)), specifically in the fromVirtualSer function, reachable via five distinct input parameters. The vulnerabilities are exploitable remotely over the network without any authentication or user interaction. Successful exploitation crashes the router, causing a denial of service by exhausting the call stack. HarborGuard is tracking this advisory and will make a patched-image rebuild available as soon as an upstream fix is published.

HarborGuard Coverage

Detection

Detection of CVE-2026-36779 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that bundle Tenda O3 firmware components. No manual intervention is required for a scan to surface an affected image.

Status: Available

Triage

Triage is available with CVSS 7.5 (HIGH) scoring applied automatically, weighted against each customer environment's compliance policy to determine urgency and routing. Findings are directed to the appropriate team inbox within each customer organization based on configured ownership rules.

Status: Available

Patch

No fix version has been published upstream for this CVE. HarborGuard re-evaluates the advisory on every ingest cycle and will make a patched-image rebuild available the moment an upstream fix is released. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will trigger automatically at that point.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the router's HTTP service over the network; no local or physical access is needed.

  • Authentication: Not required

    No credentials or session token are needed to send the malicious HTTP request that triggers the overflow.

  • Victim interaction: Not required

    The exploit is delivered entirely by the attacker; no user on the target device needs to click, browse, or approve anything.

  • Attack complexity: Detail

    Exploitation is reliable and condition-free; no race conditions, memory-layout knowledge, or special environmental state is required.

Blast Radius

  • The targeted router process crashes, dropping all active network connections routed through the device.
  • The denial of service persists until the device is manually rebooted or power-cycled, as the overflowed stack frame cannot self-recover.
  • Any services or hosts depending on the router for connectivity (VPN tunnels, virtual server mappings) become unreachable for the duration of the outage.

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix exists for CVE-2026-36779, the platform continuously monitors the advisory and will surface a patched-image rebuild the moment Tenda publishes a corrected firmware version. In the interim, customers can apply compensating controls by using HarborGuard network-policy suggestions to restrict inbound HTTP access to the router's management interface to trusted source addresses only, reducing the attack surface without requiring a firmware change. For customers with auto-remediation enabled, the full rebuild, regression test, and PR workflow will execute automatically once a fix version is available, with no manual steps required.

Affected packages
  • n/a / n/a
    n/a
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H