top of page
perceptive_background_267k.jpg

A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler.…

Published:

11 March 2026 at 23:00:00

Alert date:

12 March 2026 at 22:25:09

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Mobile & IoT

A stack-based buffer overflow vulnerability has been discovered in Tenda W3 router firmware version 1.0.0.3(2204). The vulnerability affects the formSetCfm function in the /goform/setcfm file of the HTTP Handler component. Attackers can exploit this flaw by manipulating the funcpara1 argument, but the attack vector is limited to the local network only. The exploit code has been publicly released, making this vulnerability particularly dangerous for affected devices. Organizations using Tenda W3 routers should prioritize patching or implementing network-level mitigations.

Technical details

Mitigation steps:

Affected products:

Tenda W3

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-3972
https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-setcfm-funcpara1-buffer-overflow
https://vuldb.com/?ctiid.350407
https://vuldb.com/?id.350407
https://vuldb.com/?submit.769172
https://www.tenda.com.cn/

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page