CVE-2026-3803 in Tendainfo

Summary

by MITRE • 03/09/2026

A vulnerability was identified in Tenda i3 1.0.0.6(2204). This affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 03/09/2026

This vulnerability resides within the Tenda i3 router firmware version 1.0.0.6(2204) and specifically targets the formWifiMacFilterGet function located in the /goform/WifiMacFilterGet file. The flaw manifests as a stack-based buffer overflow that occurs when processing the index argument parameter, representing a critical security weakness that allows remote exploitation without authentication requirements. The vulnerability stems from inadequate input validation and bounds checking within the firmware's web interface handling mechanism, creating a pathway for malicious actors to execute arbitrary code on the affected device.

The technical implementation of this vulnerability follows a classic stack-based buffer overflow pattern where the index argument parameter is processed without proper size validation, allowing an attacker to write beyond the allocated buffer space on the stack. This type of vulnerability falls under CWE-121, which describes stack-based buffer overflow conditions where insufficient bounds checking permits data to overwrite adjacent memory locations. The remote exploit capability means that attackers can leverage this vulnerability from outside the local network, making it particularly dangerous for widespread deployment. The publicly available exploit demonstrates that this vulnerability is not theoretical but represents an active threat in the cybersecurity landscape.

The operational impact of this vulnerability extends beyond simple remote code execution to encompass complete system compromise and potential network infiltration. Successful exploitation could enable attackers to gain administrative access to the router, allowing them to modify network settings, redirect traffic, or establish persistent backdoors for future access. The vulnerability's presence in a consumer-grade router exposes end users to significant risk, as these devices typically operate within home networks and may serve as entry points for broader network attacks. This aligns with ATT&CK technique T1071.004 for Application Layer Protocol: DNS, where compromised routers can be used for exfiltration or command and control communications.

Mitigation strategies should prioritize immediate firmware updates from Tenda, as the vendor likely released patches addressing this specific vulnerability. Network administrators should implement strict firewall rules to restrict access to the router's web interface, particularly from external networks, while monitoring for suspicious traffic patterns that might indicate exploitation attempts. Additional protective measures include disabling unnecessary services, implementing network segmentation, and conducting regular security audits of network infrastructure. The vulnerability also underscores the importance of secure coding practices and input validation in embedded systems, emphasizing the need for comprehensive security testing of firmware components before deployment. Organizations should consider network monitoring solutions that can detect anomalous behavior patterns associated with exploitation attempts and maintain up-to-date threat intelligence regarding similar vulnerabilities in networking equipment.

Responsible

VulDB

Disclosure

03/09/2026

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00632

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!