CVE-2026-3799 – A stack-based buffer overflow vulnerability in ... (How to Fix)

Q: What is the severity of CVE-2026-3799?

CVE-2026-3799 has a CVSS score of 8.8 (HIGH). A stack-based buffer overflow vulnerability in Tenda i3 routers allows remote attackers to execute arbitrary code by manipulating the funcpara1 parameter in the formSetCfm function. This affects Tenda i3 router users running vulnerable firmware. Remote exploitation is possible without authentication.

📋 TL;DR

A stack-based buffer overflow vulnerability in Tenda i3 routers allows remote attackers to execute arbitrary code by manipulating the funcpara1 parameter in the formSetCfm function. This affects Tenda i3 router users running vulnerable firmware. Remote exploitation is possible without authentication.

💻 Affected Systems

Products:

Tenda i3 router

Versions: 1.0.0.6(2204)

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running this specific firmware version are vulnerable by default.

📦 What is this software?

I3 Firmware by Tenda

View all CVEs affecting I3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, network infiltration, and potential lateral movement to connected systems.

🟠

Likely Case

Router takeover enabling traffic interception, DNS manipulation, credential theft, and deployment of persistent malware.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted WAN access, though internal network exposure remains.

🌐 Internet-Facing: HIGH - Directly accessible from internet with published exploit available.

🏢 Internal Only: HIGH - Exploitable from internal network segments once access is gained.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public GitHub repository contains working exploit code with detailed instructions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware. 3. Access router admin interface. 4. Upload and apply firmware update. 5. Reboot router.

🔧 Temporary Workarounds

Network segmentation and firewall rules

all

Isolate Tenda i3 routers from internet and restrict internal access

Disable remote administration

all

Turn off WAN-side management access in router settings

🧯 If You Can't Patch

Replace vulnerable Tenda i3 routers with different models or brands
Implement strict network segmentation to isolate router from critical systems

🔍 How to Verify

Check if Vulnerable:

Access router admin interface and check firmware version matches 1.0.0.6(2204)

Check Version:

Check router web interface or use nmap/router scanning tools

Verify Fix Applied:

Check firmware version is updated to a version later than 1.0.0.6(2204)

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/setcfm with manipulated funcpara1 parameter
Router crash/reboot logs

Network Indicators:

Exploit traffic patterns matching GitHub PoC
Unusual outbound connections from router

SIEM Query:

source_ip=router AND uri_path="/goform/setcfm" AND http_method=POST AND contains(param, "funcpara1")

📊 Metadata

CVE ID: CVE-2026-3799

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

Published: March 9, 2026

Last Updated: March 9, 2026

🔗 References

https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-i3-setcfm-funcpara1-buffer-overflow Exploit,Third Party Advisory
https://vuldb.com/?ctiid.349766 Permissions Required,VDB Entry
https://vuldb.com/?id.349766 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.768976 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-3799, you might also want to check these: