VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 9, 2026· Updated Jun 9, 2026

CVE-2026-36772

CVE-2026-36772

Description

A stack overflow in Tenda W3 Wireless Router v1.0.0.3(2204) allows DoS via crafted input to the formwrlSSIDget function.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A stack overflow in Tenda W3 Wireless Router v1.0.0.3(2204) allows DoS via crafted input to the formwrlSSIDget function.

Vulnerability

A stack-based buffer overflow vulnerability exists in the formwrlSSIDget CGI handler of Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204). The vulnerability is triggered when processing the wl_radio and index parameters. Specifically, an overly long index value, when used in a sprintf function to construct a configuration key prefix, can overwrite a fixed-size stack buffer, leading to the overflow [1].

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP request to the formwrlSSIDget CGI endpoint. The request must include wl_radio=0 and an excessively long value for the index parameter, such as 1aaa.... This input causes the vulnerable sprintf function to write beyond the allocated buffer on the stack [1].

Impact

Successful exploitation of this vulnerability can lead to a Denial of Service (DoS) by causing the device to crash or reboot. The available references suggest potential for further impact, but this is not fully detailed [1].

Mitigation

No patched version or specific mitigation details are disclosed in the available references. The affected product is Tenda W3 Wireless Router v1.0.0.3(2204) [1].

References
  1. SemVulLLM/W3/formwrlSSIDget at main · xhh0124/SemVulLLM

AI Insight generated on Jun 9, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.