Cyber Resilience

CVE-2026-3801

HighPublic PoC

Published: 09 March 2026

Published
09 March 2026
Modified
09 March 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0063 45.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-3801 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda I3 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 45.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-3801 is a stack-based buffer overflow vulnerability affecting the Tenda i3 router on firmware version 1.0.0.6(2204). The flaw exists in the formSetAutoPing function processed by the /goform/setAutoPing endpoint, where manipulation of the ping1 or ping2 arguments triggers the overflow.

The vulnerability can be exploited remotely by attackers with low privileges, such as authenticated users, requiring low attack complexity and no user interaction. Exploitation over the network achieves high impacts on confidentiality, integrity, and availability, with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It is linked to CWE-119 and CWE-121.

Public exploits targeting the ping1 and ping2 overflow variants are available on GitHub repositories under Svigo-o/Tenda_vul. VulDB documents the issue with CTI ID 349768 and ID 349768, including a submission entry, but no vendor patches or specific mitigations are detailed in the references.

The exploit has been made public and could be used, indicating potential for active targeting of vulnerable Tenda i3 devices.

EU & UK References

Vulnerability details

A vulnerability was found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formSetAutoPing of the file /goform/setAutoPing. Performing a manipulation of the argument ping1/ping2 results in stack-based buffer overflow. The attack is possible to be carried out…

more

remotely. The exploit has been made public and could be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Stack-based buffer overflow in router web endpoint (/goform/setAutoPing) enables remote code execution from low-privileged authenticated sessions, directly supporting T1190 (public-facing application exploitation) and T1068 (privilege escalation to achieve high CIA impact).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-3804Same product: Tenda I3
CVE-2026-3799Same product: Tenda I3
CVE-2026-3970Same product: Tenda I3
CVE-2026-3971Same product: Tenda I3
CVE-2026-3803Same product: Tenda I3
CVE-2026-3802Same product: Tenda I3
CVE-2026-5841Same product: Tenda I3
CVE-2026-3729Same vendor: Tenda
CVE-2026-6133Same vendor: Tenda
CVE-2026-4553Same vendor: Tenda

Affected Assets

tenda
i3 firmware
1.0.0.6\(2204\)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

preventrecover

Timely flaw remediation through firmware patching directly eliminates the stack-based buffer overflow in the formSetAutoPing function.

prevent

Information input validation enforces bounds checking on ping1 and ping2 arguments to prevent the buffer overflow exploitation.

prevent

Memory protection mechanisms like stack canaries mitigate successful exploitation of the stack-based buffer overflow even if input validation fails.

References