CVE-2026-3804
Published: 09 March 2026
Summary
CVE-2026-3804 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda I3 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 28.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires validation of inputs like the 'index' argument in formWifiMacFilterSet to prevent stack-based buffer overflows from improper restriction of operations within memory bounds.
SI-16 implements memory protections such as stack canaries, ASLR, and DEP to mitigate exploitation of stack-based buffer overflows leading to arbitrary code execution.
SI-2 mandates timely flaw remediation through firmware patching to eliminate the specific buffer overflow vulnerability in Tenda i3 firmware 1.0.0.6(2204).
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in router web management interface (/goform/WifiMacFilterSet) enables remote authenticated arbitrary code execution; directly maps to T1190 (exploit of public-facing app) for initial/remote access and T1068 (software vuln exploitation) for privilege escalation from low-priv account to full control.
NVD Description
A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is possible to launch the attack remotely. The…
more
exploit has been released to the public and may be used for attacks.
Deeper analysisAI
CVE-2026-3804 is a stack-based buffer overflow vulnerability affecting the Tenda i3 router on firmware version 1.0.0.6(2204). The issue lies in the formWifiMacFilterSet function, handled via the /goform/WifiMacFilterSet endpoint, where manipulation of the 'index' argument triggers the overflow. Published on 2026-03-09, it is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An attacker can exploit this vulnerability remotely over the network with low attack complexity and only low privileges required, such as a valid user account on the device. Successful exploitation enables high-impact consequences across confidentiality, integrity, and availability, potentially allowing arbitrary code execution on the router.
Advisories on VulDB (ctiid.349771, id.349771, submit.768985) document the flaw, while a proof-of-concept exploit is publicly available on GitHub at https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-i3-formWifiMacFilterSet-index-buffer-overflow. The vendor site https://www.tenda.com.cn/ provides general product information, but no specific patch or mitigation details are outlined in the references.
Details
- CWE(s)