CVE-2026-3975
Published: 12 March 2026
Summary
CVE-2026-3975 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda W3 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Timely flaw remediation directly patches the stack-based buffer overflow in the formWifiMacFilterGet function, preventing remote exploitation via the wl_radio parameter.
Information input validation enforces bounds checking and sanitization of POST parameters like wl_radio to block buffer overflow triggers in the WifiMacFilterGet handler.
Memory protection mechanisms such as stack canaries and non-executable memory prevent arbitrary code execution from successful stack-based buffer overflows.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in publicly accessible /goform/WifiMacFilterGet web endpoint on network device directly enables remote code execution via exploitation of a public-facing application (T1190).
NVD Description
A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component POST Parameter Handler. Performing a manipulation of the argument wl_radio results in stack-based buffer overflow. It is…
more
possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
Deeper analysisAI
CVE-2026-3975 is a stack-based buffer overflow vulnerability affecting the Tenda W3 router on firmware version 1.0.0.3(2204). The issue lies in the formWifiMacFilterGet function of the /goform/WifiMacFilterGet endpoint within the POST Parameter Handler component. Manipulating the wl_radio argument triggers the overflow, as documented under CWEs-119, CWE-121, and CWE-787.
The vulnerability enables remote exploitation over the network with low attack complexity and low privileges required (PR:L), without user interaction and with unchanged scope. Per its CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), successful attacks can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution on the affected device.
Advisories and references, including VulDB entries (ctiid.350410, id.350410, submit.769178), note that a public exploit is available on GitHub at https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-formWifiMacFilterGet-index-buffer-overflow. Security practitioners should review the Tenda website (tenda.com.cn) for any firmware updates or mitigation recommendations.
Details
- CWE(s)