HarborGuardharborguardDatabase
Back to search
HIGHCVE-2026-36793Published Modified CNA mitre

CVE-2026-36793: Shenzhen Tenda Technology Co

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the formwrlSSIDset function via the mit_ssid and mis_ssid_index parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Metrics

CVSS v3.1
7.5
Severity
HIGH
Fixed in
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

Multiple stack-based buffer overflows exist in the Tenda W3 Wireless Router (firmware v1.0.0.3(2204)) within the formwrlSSIDset function, triggered by oversized values in the mit_ssid and mis_ssid_index HTTP request parameters. The vulnerability is reachable over the network with no authentication required and no user interaction needed. Successful exploitation crashes the router, causing a denial of service. HarborGuard is tracking this advisory and will make a patched-image rebuild available the moment an upstream fix is published.

HarborGuard Coverage

Detection

Detection capability for CVE-2026-36793 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream advisory feeds, including custom-built images that bundle this firmware or derived components.

Available
Triage

HarborGuard scores this CVE at 7.5 HIGH using the published CVSS v3.1 vector, with per-environment compliance policy weighting applied to route findings to the appropriate team inbox within each customer organization.

Available
Patch

No fix version has been published by the vendor. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released.

Pending upstream

Exploit Conditions

  • Network reachabilityRequired

    The attacker must reach the router's HTTP service over the network; no local or physical access is required.

  • AuthenticationNot required

    No account or credential is needed to send the malicious HTTP request to the vulnerable endpoint.

  • Victim interactionNot required

    The exploit is fully attacker-driven and requires no action from any user of the device.

  • Attack complexityDetail

    Exploitation is reliable and condition-free; the attacker only needs to craft an HTTP request with an oversized parameter value.

Blast Radius

  • Crashes the router's management process, taking the device offline and cutting network connectivity for all clients behind it.
  • Repeated exploitation keeps the device in a denial-of-service loop until it is power-cycled or replaced.
  • Any dependent network services (DHCP, DNS forwarding, internet access) become unavailable for the duration of the attack.

How HarborGuard Handles This

Available on HarborGuard: this CVE is monitored continuously against all customer image registries and CI pipelines. Because no vendor patch exists at this time, HarborGuard surfaces the finding in each affected environment's queue, weighted by the applicable compliance policy, and re-evaluates on every advisory ingest cycle. As a compensating control, customers can apply network-policy rules to restrict access to the router's HTTP management interface to trusted source IPs or management VLANs only, reducing the reachable attack surface until a firmware fix is available. The moment the vendor publishes a patched firmware version, a rebuilt image becomes available on HarborGuard, and for customers with auto-remediation enabled, a regression-test run and a PR against affected workloads are opened automatically.

See how HarborGuard automates this
Affected packages
  • n/a / n/a
    n/a
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References