CVE-2026-36791: Shenzhen Tenda Technology Co
Shenzhen Tenda Technology Co., Ltd Tenda O3v3 v1.0.0.5 was discovered to contain a stack overflow in the save_list_data parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Metrics
- CVSS v3.1
- 7.5
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
HarborGuard Analysis
Synopsis
A stack-based buffer overflow affects the Tenda O3v3 router firmware (v1.0.0.5), specifically in the formSetCfm function's handling of the save_list_data parameter. The vulnerability is reachable over the network without any authentication or user interaction, based on a CVSS vector of AV:N/AC:L/PR:N/UI:N. Successful exploitation causes the device to crash, resulting in a denial of service. No fix version has been published; HarborGuard tracks this advisory and will flag a patched rebuild as soon as upstream ships one.
HarborGuard Coverage
Detection of CVE-2026-36791 is available across every HarborGuard environment, with ingestion from upstream vulnerability feeds typically completing within minutes of publication. Matching runs against all customer registry images and CI/CD pipeline stages, including custom-built images that bundle Tenda O3v3 firmware or derived components.
AvailableHarborGuard triage is available with the CVSS v3.1 score of 7.5 (HIGH) applied automatically, weighted further by each customer org's compliance policy to determine urgency. Findings are routed to the appropriate team inbox within the customer environment based on configured ownership rules.
AvailableBecause no fix version has been published upstream, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment an upstream fix is released. In the interim, the CVE remains open and flagged in affected customer environments so teams can apply compensating controls.
Pending upstreamExploit Conditions
- Network reachabilityRequired
The attacker must reach the device's HTTP interface over the network; no local or physical access is needed.
- AuthenticationNot required
No credentials or session token are required to send the malicious HTTP request.
- Victim interactionNot required
The exploit is fully attacker-driven and does not depend on any action by a logged-in user or administrator.
- Attack complexityDetail
Exploitation is reliable and condition-free; no race conditions, memory layout knowledge, or special environmental factors are required.
Blast Radius
- A successful attack crashes the affected Tenda O3v3 device, taking it offline and cutting off all network traffic it routes or bridges.
- All devices and users dependent on the router for connectivity lose network access for the duration of the outage.
- Because no authentication is required, the attack can be repeated immediately after the device reboots, enabling sustained denial of service.
How HarborGuard Handles This
Available on HarborGuard: CVE-2026-36791 is flagged automatically in any environment whose images include Tenda O3v3 firmware components, with severity scored at 7.5 HIGH. Because no upstream patch exists today, HarborGuard monitors the advisory on every ingest cycle and will trigger a patched-image rebuild and, for customers with auto-remediation enabled, a regression run and PR against affected workloads the moment a fix is published. While waiting for an upstream fix, teams can use HarborGuard's network-policy controls to scope HTTP management-interface exposure to trusted source ranges only, reducing the attack surface without requiring a firmware change. Any change in advisory status will surface in the HarborGuard dashboard and alert pipeline automatically.
- n/a / n/an/a
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H