CVE-2026-3970
Published: 12 March 2026
Summary
CVE-2026-3970 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda i3 firmware. Its CVSS v3.1 base score is 8.8 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The flaw ranks at the 28.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): validate the 'index' argument of /goform/wifiSSIDget before it is used, accepting only a short, in-range value, so the stack-based buffer overflow cannot be triggered.
- SI-16 (Memory Protection): build the firmware with stack canaries and enable address space layout randomization to make exploitation of a stack-based overflow harder. These protections raise the cost of code execution but do not remove the bug; an oversized request still crashes the web server process.
- SI-2 (Flaw Remediation): remediate CVE-2026-3970 promptly by applying vendor firmware that fixes the overflow; no such fix is referenced on this page, so check the vendor site before assuming one exists.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The stack-based buffer overflow in the web management endpoint (/goform/wifiSSIDget) is reachable over the network by a low-privileged authenticated user, so triggering it is exploitation of a public-facing application (T1190). Because the CVSS vector rates the impact as High across confidentiality, integrity, and availability from PR:L, the resulting arbitrary code execution amounts to a high-impact privilege escalation on the device (T1068).
NVD Description
A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. Executing a manipulation of the argument index can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.
Deeper analysis
CVE-2026-3970 is a stack-based buffer overflow affecting Tenda i3 firmware version 1.0.0.6(2204). The flaw resides in the formwrlSSIDget function behind the /goform/wifiSSIDget endpoint, where manipulation of the index argument triggers the overflow. Published on 2026-03-12, it is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write), and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability is exploitable over the network by an authenticated user with low privileges (PR:L) and needs no user interaction. A crafted request to the endpoint overflows a stack buffer; depending on how the overflow is driven, the outcome ranges from a crash of the web server process (denial of service) to control of the saved return address and arbitrary code execution, which is why confidentiality, integrity, and availability are all rated High.
VulDB entries (ctiid.350405, id.350405, submit.768995) document the issue as a recent discovery. A proof-of-concept exploit is publicly available on GitHub at https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-i3-formwrlSSIDget-index-buffer-overflow, confirming it may be used in attacks. No specific patches or mitigations are outlined in the references, though the vendor site https://www.tenda.com.cn/ is listed for further information.
The published exploit raises concerns for real-world exploitation against exposed Tenda i3 devices. Since the endpoint requires authentication, a management interface reachable from the WAN or protected only by default or weak administrator credentials is what turns the proof-of-concept into a practical remote attack; check deployed devices for both conditions.
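As an added illustration for the SI-10 control listed under Mitigating Controls and the overflow described in the analysis above, the following C program is not Tenda's code and not the published proof-of-concept. It contrasts the pattern the NVD description implies, a request parameter copied into a fixed-size stack buffer with no length check, with a handler that validates the parameter first. The handler names, the 16-byte buffer, the "wl<index>" interface naming, and the range 0..3 for a valid index are assumptions chosen for the example; the real internals of formwrlSSIDget are not published on this page.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed for the example: the device has four wireless interfaces, wl0..wl3. */
#define MAX_WIFI_INDEX 3

/* Vulnerable pattern (illustrative, not Tenda's code): the "index" request
 * parameter goes straight into a 16-byte stack buffer. Any value of 14 or
 * more bytes writes past the buffer into the saved frame (CWE-121 / CWE-787). */
int handler_vulnerable(const char *index_param, char *ssid_out, size_t ssid_out_len)
{
    char ifname[16];
    sprintf(ifname, "wl%s", index_param);          /* unbounded write */
    snprintf(ssid_out, ssid_out_len, "ssid-of-%s", ifname);
    return 0;
}

/* SI-10 style check: accept only a short string of decimal digits that
 * parses to 0..MAX_WIFI_INDEX. Returns 0 and sets *out on success, -1 otherwise. */
int parse_wifi_index(const char *s, int *out)
{
    if (s == NULL || *s == '\0' || strlen(s) > 3)   /* length cap before any parsing */
        return -1;
    for (const char *p = s; *p != '\0'; p++)
        if (!isdigit((unsigned char)*p))            /* digits only: no sign, space, or separator */
            return -1;
    errno = 0;
    char *end = NULL;
    long v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0' || v < 0 || v > MAX_WIFI_INDEX)
        return -1;
    *out = (int)v;
    return 0;
}

/* Hardened handler: the parameter never reaches a buffer until it has been
 * reduced to a validated integer, and the copy itself is bounded. */
int handler_hardened(const char *index_param, char *ssid_out, size_t ssid_out_len)
{
    int idx;
    if (parse_wifi_index(index_param, &idx) != 0)
        return -1;                                   /* reject the request (HTTP 400) */
    char ifname[16];
    snprintf(ifname, sizeof ifname, "wl%d", idx);
    snprintf(ssid_out, ssid_out_len, "ssid-of-%s", ifname);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: a benign index and an oversized one. */
    const char *benign = "1";
    const char *oversized = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";   /* 40 bytes */
    char out[64];

    handler_vulnerable(benign, out, sizeof out);
    printf("vulnerable, benign input  : %s\n", out);
    /* handler_vulnerable(oversized, ...) is deliberately not called here:
     * it would smash the stack of this process. */

    int rc = handler_hardened(benign, out, sizeof out);
    printf("hardened, benign input    : rc=%d %s\n", rc, out);
    rc = handler_hardened(oversized, out, sizeof out);
    printf("hardened, oversized input : rc=%d (rejected)\n", rc);
    return 0;
}
```

The validation deliberately reduces the parameter to an integer before it is formatted, so even a future change from snprintf back to sprintf could write at most "wl" plus one digit. Checking the length cap before strtol also keeps attacker-controlled strings out of the parser altogether.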
Details
- CWE(s)