Description
A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. Affected by this issue is the function asp_voip_OtherSet of the file /boaform/voip_other_set of the component Web Management Interface. Performing a manipulation of the argument funckey_transfer results in stack-based buffer overflow. The attack is possible to be carried out remotely.
Published: 2026-06-08
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a stack‑based buffer overflow in Tenda's web management interface, triggered when a crafted value is supplied for funckey_transfer in the asp_voip_OtherSet function. The overflow permits an attacker to corrupt the stack, potentially enabling arbitrary code execution with the privileges of the web service. This breach could compromise confidentiality, integrity, and availability of the device and any network it connects to.

Affected Systems

The affected devices are Tenda HG7HG9 and HG10 routers running firmware version 300001138_en_xpon. The vulnerability resides in the /boaform/voip_other_set endpoint of the web management component.

Risk and Exploitability

The CVSS score of 8.7 signals a high severity risk. EPSS is not available, but the vulnerability is exploitable remotely, suggesting that attackers could target the device over the network without needing local access. The vulnerability is not listed in CISA's KEV catalog, yet its high severity and remote nature mean organizations should treat it as a top priority.

Generated by OpenCVE AI on June 8, 2026 at 09:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from Tenda that addresses the buffer overflow flaw.
  • If no update is available, block external access to the /boaform/voip_other_set URL or the entire web management interface using a firewall or access control lists.
  • Restrict web management to the local network or a secured VPN, limiting exposure to remote attackers.
  • Monitor system logs for any unusual activity related to the voip_other_set endpoint.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 08:30:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. Affected by this issue is the function asp_voip_OtherSet of the file /boaform/voip_other_set of the component Web Management Interface. Performing a manipulation of the argument funckey_transfer results in stack-based buffer overflow. The attack is possible to be carried out remotely.
Title | | Tenda HG7HG9/HG10 Web Management voip_other_set asp_voip_OtherSet stack-based overflow
First Time appeared | | Tenda; Tenda hg10; Tenda hg7hg9
Weaknesses | | CWE-119; CWE-121
CPEs | | cpe:2.3:h:tenda:hg10:*:*:*:*:*:*:*:*; cpe:2.3:h:tenda:hg7hg9:*:*:*:*:*:*:*:*
Vendors & Products | | Tenda; Tenda hg10; Tenda hg7hg9
References | |
Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:ND/RL:ND/RC:UR'}; cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R'}; cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R'}; cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T06:45:21.289Z

Reserved: 2026-06-07T13:22:12.336Z

Link: CVE-2026-11498

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-08T09:16:29.753

Modified: 2026-06-08T09:16:29.753

Link: CVE-2026-11498

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T09:30:20Z

Weaknesses