CVE-2026-3802
Published: 09 March 2026
Summary
CVE-2026-3802 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda I3 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires validation of inputs like the cmdinput argument at the /goform/exeCommand endpoint to prevent stack-based buffer overflows from oversized or malformed data.
SI-16 enforces memory protections such as stack canaries, non-executable stacks, and ASLR to mitigate exploitation of stack-based buffer overflows even if invalid input reaches the function.
SI-2 mandates timely identification, testing, and remediation of flaws like this buffer overflow in the Tenda i3 firmware to eliminate the vulnerability via patching.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the authenticated web form (/goform/exeCommand, cmdinput parameter) on a network device directly enables remote code execution; maps to T1190 (public-facing web management interface) and T1059.008 (Network Device CLI command execution abuse).
NVD Description
A vulnerability was determined in Tenda i3 1.0.0.6(2204). Affected by this issue is the function formexeCommand of the file /goform/exeCommand. Executing a manipulation of the argument cmdinput can lead to stack-based buffer overflow. The attack may be performed from remote.…
more
The exploit has been publicly disclosed and may be utilized.
Deeper analysisAI
CVE-2026-3802 is a stack-based buffer overflow vulnerability affecting the Tenda i3 router on firmware version 1.0.0.6(2204). The issue resides in the formexeCommand function of the /goform/exeCommand file, where manipulation of the cmdinput argument triggers the overflow. Classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), it was published on 2026-03-09.
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), denoting high severity due to its network accessibility, low attack complexity, and requirement for only low privileges. Remote attackers with authenticated access, such as legitimate users, can exploit it without user interaction to achieve high impacts on confidentiality, integrity, and availability, potentially leading to full device compromise.
References include a public exploit disclosure on GitHub (https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-i3-formexeCommand-cmdinput-buffer-overflow) and VulDB entries (https://vuldb.com/?ctiid.349769, https://vuldb.com/?id.349769, https://vuldb.com/?submit.768983). The Tenda vendor website (https://www.tenda.com.cn/) is listed, but no specific patch or mitigation details are provided in the available information.
The exploit has been publicly disclosed and may be utilized, increasing the risk for unpatched Tenda i3 devices.
Details
- CWE(s)