{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4007", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-11T18:58:11.145Z", "datePublished": "2026-03-12T06:32:09.542Z", "dateUpdated": "2026-03-12T14:23:03.456Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-12T06:32:09.542Z"}, "title": "Tenda W3 POST Parameter wifiSSIDget stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Tenda", "product": "W3", "versions": [{"version": "1.0.0.3(2204)", "status": "affected"}], "modules": ["POST Parameter Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-11T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-11T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-11T20:03:25.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Svigo_o (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.350530", "name": "VDB-350530 | Tenda W3 POST Parameter wifiSSIDget stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.350530", "name": "VDB-350530 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.769181", "name": "Submit #769181 | Tenda W3 V1.0.0.3(2204) Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-formwrlSSIDget-index-buffer-overflow", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T14:20:46.529673Z", "id": "CVE-2026-4007", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T14:23:03.456Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4007", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-12T14:20:46.529673Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T14:22:59.460Z"}}], "cna": {"title": "Tenda W3 POST Parameter wifiSSIDget stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "Svigo_o (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Tenda", "modules": ["POST Parameter Handler"], "product": "W3", "versions": [{"status": "affected", "version": "1.0.0.3(2204)"}]}], "timeline": [{"lang": "en", "time": "2026-03-11T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-11T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-11T20:03:25.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.350530", "name": "VDB-350530 | Tenda W3 POST Parameter wifiSSIDget stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.350530", "name": "VDB-350530 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.769181", "name": "Submit #769181 | Tenda W3 V1.0.0.3(2204) Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-formwrlSSIDget-index-buffer-overflow", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-12T06:32:09.542Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4007", "state": "PUBLISHED", "dateUpdated": "2026-03-12T14:23:03.456Z", "dateReserved": "2026-03-11T18:58:11.145Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-12T06:32:09.542Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:w3_firmware:1.0.0.3\\(2204\\):*:*:*:*:*:*:*", "matchCriteriaId": "F7C71B75-3813-4243-B6A3-8B44102303AA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:w3:-:*:*:*:*:*:*:*", "matchCriteriaId": "89FA4ED8-CE8A-4A77-9A71-D99871B76EA3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used."}, {"lang": "es", "value": "Una vulnerabilidad fue detectada en Tenda W3 1.0.0.3(2204). Esta vulnerabilidad afecta c\u00f3digo desconocido del archivo /goform/wifiSSIDget del componente Gestor de Par\u00e1metros POST. Realizar una manipulaci\u00f3n del argumento index resulta en desbordamiento de b\u00fafer basado en pila. Es posible iniciar el ataque de forma remota. El exploit es ahora p\u00fablico y puede ser utilizado."}], "id": "CVE-2026-4007", "lastModified": "2026-04-02T20:07:11.523", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-12T07:16:18.583", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-w3-formwrlSSIDget-index-buffer-overflow"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.350530"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.350530"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.769181"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.tenda.com.cn/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}