ГлавнаяУязвимости → CVE-2026-3972
8.8высокая

CVE-2026-3972

Описание

A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The attack can only be performed from the local network. The exploit has been made public and could be used.

Затрагиваемое ПО
Tenda W3 firmwareTenda W3
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-setcfm-funcpara1-buffer-overflowhttps://vuldb.com/?ctiid.350407https://vuldb.com/?id.350407https://vuldb.com/?submit.769172https://www.tenda.com.cn/