Tenda W3 Firmware vulnerabilities

CVE-2026-4008 [HIGH] CWE-119 CVE-2026-4008: A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the f A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.

CVE-2026-3973 [HIGH] CWE-119 CVE-2026-3973: A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the function formSetAutoPing A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component POST Parameter Handler. This manipulation of the argument ping1/ping2 causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be

CVE-2026-3974 [HIGH] CWE-119 CVE-2026-3974: A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function fo A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used.

CVE-2026-3975 [HIGH] CWE-119 CVE-2026-3975: A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formW A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component POST Parameter Handler. Performing a manipulation of the argument wl_radio results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been r

CVE-2026-4007 [HIGH] CWE-119 CVE-2026-4007: A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of t A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used.

CVE-2026-3972 [HIGH] CWE-119 CVE-2026-3972: A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetC A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The attack can only be performed from the local network. The exploit has been made public and could be used.

CVE-2026-3976 [HIGH] CWE-119 CVE-2026-3976: A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilter A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made available