CVE-2026-5567: Tenda M3 Buffer Overflow - Remote RCE
Platform
linux
Component
tenda
CVE-2026-5567 describes a buffer overflow vulnerability discovered in the Tenda M3 router, specifically within the Destination Handler component's setAdvPolicyData function. Successful exploitation allows a remote attacker to potentially execute arbitrary code on the affected device, leading to a compromise of the router's functionality and data. This vulnerability impacts Tenda M3 devices running versions 1.0.0 through 1.0.0.10. An exploit for this vulnerability has been publicly released, increasing the risk of exploitation.
How to fix
Actualice el firmware de su dispositivo Tenda M3 a la última versión disponible proporcionada por el fabricante. Consulte el sitio web oficial de Tenda o la documentación del producto para obtener instrucciones sobre cómo actualizar el firmware.
Frequently asked questions
What is CVE-2026-5567?
CVE-2026-5567 is a buffer overflow vulnerability in the Tenda M3 router's Destination Handler. By manipulating the policyType argument, an attacker can potentially trigger a buffer overflow, leading to remote code execution.
Am I affected by CVE-2026-5567?
You are potentially affected if you are using a Tenda M3 router running firmware versions 1.0.0 through 1.0.0.10. Given the public availability of an exploit, immediate action is recommended.
How do I fix CVE-2026-5567?
No official patch is currently available from Tenda. Mitigation strategies include isolating the affected router from the internet, implementing strict firewall rules, and monitoring network traffic for suspicious activity.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free