CVE-2026-3973 | Tenda W3 1.0.0.3(2204) POST Parameter /goform/setAutoPing formSetAutoPing ping1/ping2 stack-based overflow

Inserito da Angelo Barbosa | Mar 11, 2026 | CVE

A vulnerability, which was classified as critical, has been found in Tenda W3 1.0.0.3(2204). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component POST Parameter Handler. This manipulation of the argument ping1/ping2 causes stack-based buffer overflow.

This vulnerability is tracked as CVE-2026-3973. The attack is possible to be carried out remotely. Moreover, an exploit is present.

CVE-2026-3973 | Tenda W3 1.0.0.3(2204) POST Parameter /goform/setAutoPing formSetAutoPing ping1/ping2 stack-based overflow

Post correlati

CVE-2024-40919 | Linux Kernel up to 6.1.94/6.6.34/6.9.5 bnxt_en __hwrm_send null pointer dereference

CVE-2024-50143 | Linux Kernel up to 5.15.169/6.1.114/6.6.58/6.11.5 udf_get_fileshortad uninitialized variable

CVE-2024-12811 | ShineTheme Travel Booking WordPress Theme up to 3.1.8 on WordPress Shortcode hotel_alone_slider style filename control

CVE-2025-26320 | t0mer BroadlinkManager 5.9.1 /device/ping IP Address os command injection