Cyber Resilience

CVE-2026-3804

HighPublic PoC

Published: 09 March 2026

Published
09 March 2026
Modified
09 March 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0065 46.5th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-3804 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda I3 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 46.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-3804 is a stack-based buffer overflow vulnerability affecting the Tenda i3 router on firmware version 1.0.0.6(2204). The issue lies in the formWifiMacFilterSet function, handled via the /goform/WifiMacFilterSet endpoint, where manipulation of the 'index' argument triggers the overflow. Published on 2026-03-09, it is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

An attacker can exploit this vulnerability remotely over the network with low attack complexity and only low privileges required, such as a valid user account on the device. Successful exploitation enables high-impact consequences across confidentiality, integrity, and availability, potentially allowing arbitrary code execution on the router.

Advisories on VulDB (ctiid.349771, id.349771, submit.768985) document the flaw, while a proof-of-concept exploit is publicly available on GitHub at https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-i3-formWifiMacFilterSet-index-buffer-overflow. The vendor site https://www.tenda.com.cn/ provides general product information, but no specific patch or mitigation details are outlined in the references.

EU & UK References

Vulnerability details

A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is possible to launch the attack remotely. The…

more

exploit has been released to the public and may be used for attacks.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stack-based buffer overflow in router web management interface (/goform/WifiMacFilterSet) enables remote authenticated arbitrary code execution; directly maps to T1190 (exploit of public-facing app) for initial/remote access and T1068 (software vuln exploitation) for privilege escalation from low-priv account to full control.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-3799Same product: Tenda I3
CVE-2026-3801Same product: Tenda I3
CVE-2026-3970Same product: Tenda I3
CVE-2026-3971Same product: Tenda I3
CVE-2026-3803Same product: Tenda I3
CVE-2026-3802Same product: Tenda I3
CVE-2026-5841Same product: Tenda I3
CVE-2026-3729Same vendor: Tenda
CVE-2026-6133Same vendor: Tenda
CVE-2026-4553Same vendor: Tenda

Affected Assets

tenda
i3 firmware
1.0.0.6\(2204\)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 requires validation of inputs like the 'index' argument in formWifiMacFilterSet to prevent stack-based buffer overflows from improper restriction of operations within memory bounds.

prevent

SI-16 implements memory protections such as stack canaries, ASLR, and DEP to mitigate exploitation of stack-based buffer overflows leading to arbitrary code execution.

prevent

SI-2 mandates timely flaw remediation through firmware patching to eliminate the specific buffer overflow vulnerability in Tenda i3 firmware 1.0.0.6(2204).

References