平台
tenda
组件
tenda_vul
修复版本
1.0.1
A critical vulnerability, CVE-2026-3804, has been identified in the Tenda i3 WifiMacFilterSet component, specifically affecting firmware version 1.0.0.6(2204)–1.0.0.6(2204). This flaw stems from a stack-based buffer overflow within the /goform/WifiMacFilterSet function, allowing for remote exploitation. A public proof-of-concept exists, indicating an elevated risk of immediate attacks. Mitigation strategies are available while a patch is being developed.
The vulnerability allows a remote attacker to trigger a stack-based buffer overflow by manipulating the 'index' argument within the /goform/WifiMacFilterSet function. Successful exploitation can lead to arbitrary code execution on the affected Tenda i3 device. This grants the attacker complete control over the router, including the ability to modify configurations, intercept network traffic, and potentially pivot to other devices on the network. Given the public availability of a proof-of-concept, the risk of exploitation is high, and the potential impact is severe, mirroring the consequences of other router-based remote code execution vulnerabilities.
CVE-2026-3804 is considered a high-risk vulnerability due to the availability of a public proof-of-concept. It has been added to the CISA KEV catalog, indicating a significant threat to critical infrastructure. Public exploitation is likely, and organizations should prioritize mitigation efforts. No active campaigns have been publicly confirmed as of the publication date, but the ease of exploitation suggests this may change rapidly.
Small and medium-sized businesses (SMBs) and home users relying on Tenda i3 routers are at significant risk. Shared hosting environments utilizing these routers for network management are particularly vulnerable, as a compromise of one router could potentially impact multiple users. Legacy configurations with default passwords and outdated firmware exacerbate the risk.
• tenda: Monitor router logs for unusual activity related to /goform/WifiMacFilterSet.
• tenda: Use network monitoring tools to detect connections to the router's management interface from unexpected sources.
• generic web: Use curl/wget to test the /goform/WifiMacFilterSet endpoint with oversized or malformed input and observe error responses.
• generic web: Monitor access logs for requests containing suspicious parameters in the /goform/WifiMacFilterSet URL.
disclosure
漏洞利用状态
EPSS
0.08% (23% 百分位)
CISA SSVC
CVSS 向量
While a patch is pending, several mitigation steps can reduce the risk. First, implement strict firewall rules to limit external access to the /goform/WifiMacFilterSet endpoint. Input validation should be implemented to sanitize the 'index' argument, preventing oversized or malicious values. Consider temporarily disabling the MAC filter functionality if it's not essential. Monitor network traffic for unusual activity and suspicious connections. After implementing these mitigations, verify their effectiveness by attempting to access the vulnerable endpoint with a controlled, benign payload to ensure it is properly filtered.
Actualizar el firmware del router Tenda i3 a una versión posterior a 1.0.0.6(2204) para corregir la vulnerabilidad de desbordamiento de búfer basada en pila. Consultar el sitio web del fabricante para obtener la última versión del firmware y las instrucciones de actualización.
漏洞分析和关键警报直接发送到您的邮箱。
CVE-2026-3804 is a critical vulnerability in the Tenda i3 WifiMacFilterSet component, allowing remote attackers to trigger a stack-based buffer overflow and potentially gain control of the router.
If you are using a Tenda i3 router running firmware version 1.0.0.6(2204)–1.0.0.6(2204), you are potentially affected by this vulnerability.
Upgrade to a patched firmware version as soon as it becomes available from Tenda. Until then, implement mitigation steps like firewall rules and input validation.
A public proof-of-concept exists, indicating a high probability of active exploitation. Organizations should prioritize mitigation.
Refer to the Tenda security advisories page for updates and official information regarding CVE-2026-3804.
上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。