{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3976", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-11T14:01:30.458Z", "datePublished": "2026-03-12T02:32:13.620Z", "dateUpdated": "2026-03-12T14:42:16.574Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-12T02:32:13.620Z"}, "title": "Tenda W3 POST Parameter WifiMacFilterSet formWifiMacFilterSet stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Tenda", "product": "W3", "versions": [{"version": "1.0.0.3(2204)", "status": "affected"}], "modules": ["POST Parameter Handler"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-11T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-11T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-11T20:01:36.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Svigo_o (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.350411", "name": "VDB-350411 | Tenda W3 POST Parameter WifiMacFilterSet formWifiMacFilterSet stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.350411", "name": "VDB-350411 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.769179", "name": "Submit #769179 | Tenda W3 V1.0.0.3(2204) Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.769180", "name": "Submit #769180 | Tenda W3 V1.0.0.3(2204) Buffer Overflow (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-formWifiMacFilterSet-index-buffer-overflow", "tags": ["related"]}, {"url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-formWifiMacFilterSet-go-buffer-overflow", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T14:42:08.208332Z", "id": "CVE-2026-3976", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T14:42:16.574Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3976", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-12T14:42:08.208332Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T14:42:13.310Z"}}], "cna": {"title": "Tenda W3 POST Parameter WifiMacFilterSet formWifiMacFilterSet stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "Svigo_o (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Tenda", "modules": ["POST Parameter Handler"], "product": "W3", "versions": [{"status": "affected", "version": "1.0.0.3(2204)"}]}], "timeline": [{"lang": "en", "time": "2026-03-11T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-11T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-11T20:01:36.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.350411", "name": "VDB-350411 | Tenda W3 POST Parameter WifiMacFilterSet formWifiMacFilterSet stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.350411", "name": "VDB-350411 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.769179", "name": "Submit #769179 | Tenda W3 V1.0.0.3(2204) Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.769180", "name": "Submit #769180 | Tenda W3 V1.0.0.3(2204) Buffer Overflow (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-formWifiMacFilterSet-index-buffer-overflow", "tags": ["related"]}, {"url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-formWifiMacFilterSet-go-buffer-overflow", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-12T02:32:13.620Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3976", "state": "PUBLISHED", "dateUpdated": "2026-03-12T14:42:16.574Z", "dateReserved": "2026-03-11T14:01:30.458Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-12T02:32:13.620Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:w3_firmware:1.0.0.3\\(2204\\):*:*:*:*:*:*:*", "matchCriteriaId": "F7C71B75-3813-4243-B6A3-8B44102303AA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:w3:-:*:*:*:*:*:*:*", "matchCriteriaId": "89FA4ED8-CE8A-4A77-9A71-D99871B76EA3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks."}, {"lang": "es", "value": "Una debilidad ha sido identificada en Tenda W3 1.0.0.3(2204). Afectada est\u00e1 la funci\u00f3n formWifiMacFilterSet del archivo /goform/WifiMacFilterSet del componente Gestor de Par\u00e1metros POST. Ejecutar una manipulaci\u00f3n del argumento index/GO puede llevar a un desbordamiento de b\u00fafer basado en pila. Es posible lanzar el ataque de forma remota. El exploit ha sido puesto a disposici\u00f3n del p\u00fablico y podr\u00eda ser usado para ataques."}], "id": "CVE-2026-3976", "lastModified": "2026-04-02T20:07:27.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-12T03:15:58.740", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-formWifiMacFilterSet-go-buffer-overflow"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-formWifiMacFilterSet-index-buffer-overflow"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.350411"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.350411"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.769179"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.769180"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.tenda.com.cn/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0.0.3(2204)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "w3", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-04-03T00:35:44.183443+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware update from Tenda that resolves the /goform/WifiMacFilterSet buffer overflow.", "If no update is available, restrict external access to the router\u2019s web interface or disable the formWifiMacFilterSet feature.", "Verify the firmware version after the update and confirm the vulnerability is mitigated.", "Monitor the device for anomalous activity or repeated failed POST attempts to /goform/WifiMacFilterSet."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Tenda W3 routers running firmware version 1.0.0.3(2204). The flaw resides in the POST Parameter Handler component that exposes the /goform/WifiMacFilterSet endpoint via the web interface. Devices using the stated firmware revision are at risk if the endpoint is reachable from a network.", "description_and_impact": "A stack\u2011based buffer overflow exists in the formWifiMacFilterSet handler of the Tenda W3 router. A crafted POST request to the /goform/WifiMacFilterSet endpoint can overwrite critical stack memory, enabling an attacker to execute arbitrary code. Public exploits demonstrate that the overflow can be triggered remotely, potentially allowing full control of the device.", "risk_and_exploitability": "The CVSS score of 8.7 signals high severity, yet the EPSS score below 1% indicates a low current exploitation probability. The vulnerability is not listed in CISA\u2019s KEV catalog, but publicly available exploits exist on GitHub. Attackers can exploit the flaw remotely through the web interface, so any host with network access to the router could target it. Overall, the risk is moderate to high, depending on network exposure and threat actor motivation."}}}}, "created": "2026-03-13T09:53:40.269091+00:00", "updated": "2026-04-03T09:39:32.889767+00:00", "vendors": ["tenda", "tenda$PRODUCT$w3"]}