2026-03-09 5:32 | CVE-2026-3804 | VulDB
PUBLISHED | CVE record format 5.2 | CWE-121 | CWE-119

Tenda i3 WifiMacFilterSet formWifiMacFilterSet stack-based overflow

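A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The CVSS 3.1 vector in the record below (AV:N/AC:L/PR:L/UI:N) gives a base score of 8.8 (HIGH) and indicates that low-privileged access to the device is required, so exposure of the management interface and the strength of its credentials determine who can reach the affected handler.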

Problem type

CWE-121 Stack-based Buffer Overflow; CWE-119 Memory Corruption

Affected products

Tenda

i3

1.0.0.6(2204) - AFFECTED

References

GitHub Security Advisories

GHSA-gcmm-29vw-qxj6

A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the...

https://github.com/advisories/GHSA-gcmm-29vw-qxj6

A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-3804
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-3804",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-03-09T05:32:09.051Z",
    "dateReserved": "2026-03-08T12:39:46.177Z",
    "datePublished": "2026-03-09T05:32:09.051Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-03-09T05:32:09.051Z"
      },
      "title": "Tenda i3 WifiMacFilterSet formWifiMacFilterSet stack-based overflow",
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks."
        }
      ],
      "affected": [
        {
          "vendor": "Tenda",
          "product": "i3",
          "versions": [
            {
              "version": "1.0.0.6(2204)",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Stack-based Buffer Overflow",
              "cweId": "CWE-121",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Memory Corruption",
              "cweId": "CWE-119",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.349771",
          "name": "VDB-349771 | Tenda i3 WifiMacFilterSet formWifiMacFilterSet stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.349771",
          "name": "VDB-349771 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.768985",
          "name": "Submit #768985 | Tenda i3 V1.0.0.6(2204) Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-i3-formWifiMacFilterSet-index-buffer-overflow",
          "tags": [
            "exploit"
          ]
        },
        {
          "url": "https://www.tenda.com.cn/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "baseScore": 9
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-03-08T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-03-08T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-03-08T13:44:53.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Svigo (VulDB User)",
          "type": "reporter"
        }
      ]
    }
  }
}