CVE-2026-11499 - Vulnerability Details

- Tenda HG7HG9/HG10 formDOMAINBLK stack-based overflow

Description

A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from remote.

Published: 2026-06-08

Score: 9.3 Critical

EPSS: 6.6% Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability occurs in the formDOMAINBLK function of Tenda routers running firmware 300001138_en_xpon. Manipulating the blkDomain argument can trigger a stack-based buffer overflow, which is a manifestation of CWE‑119 (Improper Restriction of Operations within the Bounds of a Buffer) and CWE‑121 (Stack-based Buffer Overflow). The description confirms that the attack can be performed remotely through the router’s web management interface.

Affected Systems

Tenda HG7HG9 and HG10 routers with firmware 300001138_en_xpon are affected. The vulnerable endpoint is reachable at /boaform/formDOMAINBLK via the device’s HTTP interface.

Risk and Exploitability

The CVSS score of 9.3 indicates critical severity, and the EPSS score of 7% reflects a moderate likelihood of exploitation. The vulnerability is not listed in CISA KEV. No authentication requirement is mentioned, so the endpoint may be reachable without prior login. An attacker with network access to an exposed router could exploit the flaw remotely. The stack-based buffer overflow presents a serious risk due to its potential to disrupt normal device operation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Tenda

HG7HG9

affected

Version	Status	Constraints
`300001138_en_xpon`	affected	—

Tenda

HG10

affected

Version	Status	Constraints
`300001138_en_xpon`	affected	—

No data.

Vendor Product Confidence Versions

Tenda

Hg10

100%

Version	Status	Scheme	Platform
`300001138_en_xpon`	affected	generic	—

Tenda

Hg7hg9

100%

Version	Status	Scheme	Platform
`300001138_en_xpon`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the official firmware update that resolves the stack-based buffer overflow identified as CWE‑119 and CWE‑121 in the formDOMAINBLK function.
Restrict or disable external access to the /boaform/formDOMAINBLK endpoint to mitigate the risk of CWE‑119/CWE‑121 exploitation, using firewall rules or disabling the web UI.
Harden the management network by placing the router in a dedicated VLAN or VPN with strong authentication so only authorized users can reach the vulnerable endpoint, reducing the attack surface for the identified buffer overflow (CWE‑119/CWE‑121).

Generated by OpenCVE AI on June 24, 2026 at 12:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.06561.

Exploitation none

Automatable yes

Technical Impact total

References

Link	Providers
https://github.com/ssaaaa1234/Tenda-HG10-formDOMAINBLK-stack-overflow-2
https://vuldb.com/cve/CVE-2026-11499
https://vuldb.com/submit/834888
https://vuldb.com/vuln/369119
https://vuldb.com/vuln/369119/cti
https://www.tenda.com.cn/

History

Mon, 08 Jun 2026 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 08 Jun 2026 08:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from remote.
Title		Tenda HG7HG9/HG10 formDOMAINBLK stack-based overflow
First Time appeared		Tenda Tenda hg10 Tenda hg7hg9
Weaknesses		CWE-119 CWE-121
CPEs		cpe:2.3:h:tenda:hg10:::::::: cpe:2.3:h:tenda:hg7hg9::::::::
Vendors & Products		Tenda Tenda hg10 Tenda hg7hg9
References		https://github.com/ssaaaa1234/Tenda-HG10-formDOMAINBLK-stack-overflow-2 https://vuldb.com/cve/CVE-2026-11499 https://vuldb.com/submit/834888 https://vuldb.com/vuln/369119 https://vuldb.com/vuln/369119/cti https://www.tenda.com.cn/
Metrics		cvssV2_0 `{'score': 10, 'vector': 'AV:N/AC:L/Au:N/C:C/I:C/A:C/E:ND/RL:ND/RC:UR'}` cvssV3_0 `{'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R'}` cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R'}` cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X'}`

Subscriptions

Tenda Hg10 Hg7hg9

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-06-08T07:00:23.672Z

Updated: 2026-06-08T12:55:29.374Z

Reserved: 2026-06-07T13:23:38.138Z

Link: CVE-2026-11499

Vulnrichment

Updated: 2026-06-08T12:55:24.924Z

NVD

Status : Deferred

Published: 2026-06-08T09:16:29.957

Modified: 2026-06-08T14:57:14.757

Link: CVE-2026-11499

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T12:15:05Z

Weaknesses

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-121
Stack-based Buffer Overflow

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation none

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object