CVE-2026-36773

Vulnerability

A stack-based buffer overflow vulnerability exists in the ask_to_reboot function within the wireless configuration handler of Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) [1]. The vulnerability is triggered when the GO HTTP parameter is processed by websGetVar and subsequently passed to ask_to_reboot under certain runtime conditions [1].

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP request to the ask_to_reboot CGI handler with an excessively long GO parameter, provided a specific runtime condition (bVar1 != 0) is met. This overly long input is then used in an unbounded sprintf call, leading to a stack buffer overflow [1].

Impact

Successful exploitation of this vulnerability can lead to a Denial of Service (DoS) by causing the httpd process to crash or the device to reboot [1]. While the primary impact is DoS, there is a potential for arbitrary code execution depending on the device's architecture and runtime protections like stack canaries, NX, and ASLR [1].

Mitigation

This vulnerability affects Tenda W3 Wireless Router v1.0.0.3(2204) [1]. Information regarding a patched version or specific mitigation steps is not yet disclosed in the available references. The vulnerability was publicly disclosed on 2026-06-06 [1].