CVE-2026-3804 identifies a stack-based buffer overflow vulnerability in the Tenda i3 router firmware version 1.0.0.6(2204). The vulnerability resides in the formWifiMacFilterSet function, which processes requests to the /goform/WifiMacFilterSet endpoint. Specifically, the 'index' parameter is improperly validated or sanitized, allowing an attacker to supply crafted input that overflows the stack buffer. This overflow can corrupt the stack frame, potentially overwriting the return address or other control data, enabling remote code execution or denial of service. The vulnerability is remotely exploitable without requiring authentication or user interaction, making it highly dangerous. The CVSS 4.0 score of 8.7 reflects its high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. While no confirmed active exploitation has been reported, the public release of an exploit increases the likelihood of attacks. The affected product, Tenda i3, is a consumer-grade router commonly used in home and small office environments, which may be targeted to gain network access or pivot into internal networks. No official patches or mitigation links are currently provided, emphasizing the need for immediate defensive measures.

The exploitation of CVE-2026-3804 can lead to full compromise of affected Tenda i3 routers. Attackers can execute arbitrary code remotely, potentially gaining control over the device's firmware and network traffic. This can result in interception or manipulation of sensitive data, disruption of network services, or use of the compromised router as a foothold for further attacks within the victim's network. The vulnerability threatens confidentiality by exposing network data, integrity by allowing unauthorized changes to device configuration or traffic, and availability by causing crashes or denial of service. Given the router's role as a network gateway, successful exploitation can have cascading effects on connected devices and organizational security. The ease of remote exploitation without credentials or user interaction significantly raises the risk profile. Organizations relying on Tenda i3 routers, especially in environments with sensitive data or critical infrastructure, face substantial operational and security risks if unmitigated.

1. Immediate mitigation should focus on isolating affected Tenda i3 routers from untrusted networks, especially the internet, to reduce exposure. 2. Network administrators should implement strict firewall rules to block access to the /goform/WifiMacFilterSet endpoint or restrict management interfaces to trusted IP addresses only. 3. Monitor network traffic for unusual requests targeting the vulnerable endpoint and enable intrusion detection/prevention systems (IDS/IPS) signatures related to this vulnerability once available. 4. If possible, disable remote management features on the router to prevent external exploitation. 5. Regularly check for firmware updates or security advisories from Tenda and apply patches promptly once released. 6. Consider replacing affected devices with models from vendors with timely security support if patches are delayed. 7. Conduct network segmentation to limit the impact of compromised routers and protect critical assets. 8. Educate users and administrators about the risks and signs of compromise related to this vulnerability. These steps go beyond generic advice by focusing on access control, monitoring, and network architecture adjustments tailored to this specific vulnerability.