CVE-2026-3973

Name of the Vulnerable Software and Affected Versions Tenda W3 version 1.0.0.3(2204)

Description A flaw exists in the Tenda W3 device. This issue affects the formSetAutoPing function within the /goform/setAutoPing file of the POST Parameter Handler component. Manipulation of the ping1 and ping2 arguments can lead to a stack-based buffer overflow. The attack can be carried out remotely. The exploit for this issue has been publicly disclosed.

Recommendations Update to a newer version that contains a fix for this vulnerability.