Vulnerability Details CVE-2026-3972
A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The attack can only be performed from the local network. The exploit has been made public and could be used.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 8.3