{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-36794: Shenzhen Tenda Technology Co","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-36794","status":"final","version":"1","initial_release_date":"2026-06-09T00:00:00.000Z","current_release_date":"2026-06-10T17:55:14.830Z","revision_history":[{"date":"2026-06-09T00:00:00.000Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the R7WebsSecurityHandler function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-36794 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-36794"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-36794"},{"category":"external","summary":"github.com","url":"https://github.com/xhh0124/SemVulLLM/tree/main/W3/R7WebsSecurityHandler"}]},"product_tree":{"branches":[{"category":"vendor","name":"n/a","branches":[{"category":"product_name","name":"n/a","branches":[{"category":"product_version","name":"n/a","product":{"name":"n/a n/a n/a","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:n\\/a:n\\/a:n\\/a:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-36794","title":"Shenzhen Tenda Technology Co","notes":[{"category":"description","text":"Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the R7WebsSecurityHandler function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1"]},"scores":[{"cvss_v3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH"},"products":["CSAFPID-1"]}],"remediations":[{"category":"none_available","details":"No fixed version is published yet. Monitor the upstream advisory.","product_ids":["CSAFPID-1"]}]}]}