CVE-2026-36783: Shenzhen Tenda Technology Co
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the domain parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Metrics
- CVSS v3.1
- 7.5
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
HarborGuard Analysis
Synopsis
A stack-based buffer overflow in the Tenda O3 Wireless Router (firmware v1.0.0.5(4180)) allows a remote attacker to crash the device by sending a crafted HTTP request with an oversized value in the domain parameter of the fromNetToolGet function. The vulnerability is reachable over the network with no authentication required and no user interaction needed. Successful exploitation causes a denial of service, taking the router offline until it is manually rebooted or resets itself. HarborGuard is tracking this advisory and will make a patched-image rebuild available as soon as an upstream fix is published.
HarborGuard Coverage
Detection for CVE-2026-36783 is available across every HarborGuard environment; the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in registries and CI/CD pipelines, including custom-built images that package this firmware or its components.
AvailableHarborGuard is capable of scoring this CVE at 7.5 HIGH (CVSS v3.1) and weighting it against each environment's compliance policy to route alerts to the appropriate team inbox within each customer organization.
AvailableNo upstream fix version has been published for this CVE. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment the upstream vendor ships a corrected firmware or package version.
Pending upstreamExploit Conditions
- Network reachabilityRequired
The attacker must be able to reach the router's HTTP service over the network; no local or physical access is required.
- AuthenticationNot required
The vulnerable endpoint accepts unauthenticated requests, so no account or credential is needed to trigger the overflow.
- Victim interactionNot required
The attacker sends a crafted HTTP request directly to the device; no user on the target device needs to click or open anything.
- Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and requires no special timing, race conditions, or environmental prerequisites beyond network access.
Blast Radius
- The router process crashes, dropping all network connectivity for every device behind or through the affected O3 router.
- Recovery requires a manual reboot or automatic watchdog restart, creating a window of complete network unavailability.
- Repeated exploitation can keep the device in a continuous crash-restart loop, sustaining the outage indefinitely.
How HarborGuard Handles This
Available on HarborGuard: detection for this CVE is active and matched against all customer images on every scan cycle. Because no upstream fix exists yet, HarborGuard monitors the advisory continuously and will trigger a patched-image rebuild and (for customers with auto-remediation enabled) a regression run plus a PR opened against affected workloads the moment the vendor publishes a corrected version. In the meantime, compensating controls worth considering include network-policy isolation of management HTTP interfaces, egress and ingress filtering rules that restrict access to the router's web UI to trusted internal subnets only, and disabling remote management features if the device firmware supports a feature-flag toggle for them.
- n/a / n/an/a
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H