Plattform
tenda
Komponente
tenda_vul
Behoben in
1.0.1
CVE-2026-3804 identifies a malicious package, bui-react-10components, discovered by the OpenSSF Package Analysis project. This package exhibits malicious behavior by communicating with a domain associated with malicious activity, potentially leading to data theft and system compromise. Versions of bui-react-10components less than or equal to 99.0.0 are affected. The vulnerability was publicly disclosed on 2026-05-16, and mitigation strategies involve package removal or upgrading to a safe version.
The primary impact of CVE-2026-3804 stems from the package's communication with a known malicious domain. This communication can be leveraged to exfiltrate sensitive data from the affected system, potentially including API keys, credentials, and other confidential information. An attacker could also use this connection to inject malicious code or establish a backdoor for persistent access. The malicious domain could be used to distribute further malware or launch attacks against other systems within the network. This vulnerability highlights the risks associated with using untrusted or poorly vetted npm packages.
This vulnerability is actively tracked by the OpenSSF Package Analysis project and has been publicly disclosed. There are no known exploit kits or active campaigns targeting this specific package at this time, but the malicious communication pattern indicates a potential for future exploitation. The KEV status is pending evaluation. Public proof-of-concept code is not yet available, but the malicious nature of the package warrants immediate attention.
Small and medium-sized businesses (SMBs) and home users relying on Tenda i3 routers are at significant risk. Shared hosting environments utilizing these routers for network management are particularly vulnerable, as a compromise of one router could potentially impact multiple users. Legacy configurations with default passwords and outdated firmware exacerbate the risk.
• tenda: Monitor router logs for unusual activity related to /goform/WifiMacFilterSet.
• tenda: Use network monitoring tools to detect connections to the router's management interface from unexpected sources.
• generic web: Use curl/wget to test the /goform/WifiMacFilterSet endpoint with oversized or malformed input and observe error responses.
• generic web: Monitor access logs for requests containing suspicious parameters in the /goform/WifiMacFilterSet URL.
disclosure
Exploit-Status
EPSS
0.08% (23% Perzentil)
CISA SSVC
CVSS-Vektor
The most effective mitigation for CVE-2026-3804 is to immediately remove the bui-react-10components package from your project. If removal is not feasible due to dependencies, consider isolating the package within a container or sandbox to limit its access to sensitive resources. Regularly review your project's dependencies using tools like npm audit or yarn audit to identify and address potential vulnerabilities. Implement stricter package vetting processes, including verifying the publisher's identity and reviewing the package's code for suspicious activity. After removing or isolating the package, verify the absence of any unusual network connections or unexpected behavior.
Actualizar el firmware del router Tenda i3 a una versión posterior a 1.0.0.6(2204) para corregir la vulnerabilidad de desbordamiento de búfer basada en pila. Consultar el sitio web del fabricante para obtener la última versión del firmware y las instrucciones de actualización.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-3804 is a critical vulnerability in the Tenda i3 WifiMacFilterSet component, allowing remote attackers to trigger a stack-based buffer overflow and potentially gain control of the router.
If you are using a Tenda i3 router running firmware version 1.0.0.6(2204)–1.0.0.6(2204), you are potentially affected by this vulnerability.
Upgrade to a patched firmware version as soon as it becomes available from Tenda. Until then, implement mitigation steps like firewall rules and input validation.
A public proof-of-concept exists, indicating a high probability of active exploitation. Organizations should prioritize mitigation.
Refer to the Tenda security advisories page for updates and official information regarding CVE-2026-3804.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.