CVE-2026-36779 Shenzhen Tenda Technology Co., Ltd CVE debrief

Who should care

Administrators and users of the affected Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) should prioritize patching this vulnerability to prevent potential Denial of Service (DoS) attacks.

Technical summary

CVE-2026-36779 is a high-severity vulnerability caused by multiple stack overflows in the fromVirtualSer function of the Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180). The vulnerability is triggered via crafted HTTP requests and allows for Denial of Service (DoS) attacks. The CVSS score for this vulnerability is 7.5.

Defensive priority

High

Recommended defensive actions

• Apply the necessary patches or updates provided by the vendor to fix the stack overflow vulnerabilities in the fromVirtualSer function of the Tenda O3 Wireless Router v1.0.0.5(4180).
• Restrict access to the affected system and ensure that only authorized personnel can interact with it.
• Monitor the system for suspicious activity and implement additional security measures if necessary.

Evidence notes

The CVE-2026-36779 vulnerability was discovered in the Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180). The vulnerability is caused by multiple stack overflows in the fromVirtualSer function via the puVar2, puVar1, __s2, __s1_00, and puVar3 parameters. This allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. For more information, refer to the [CVE-2026-36779 CVE record](resourceLinkAnnotations.cve-org) and [CVE-2026-36779 NVD detail](resourceLinkAnnotations.nvd).

Official resources