Description
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The reported vulnerability is a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function. A specially crafted HTTP request can trigger the overflow, causing the Tenda G0 device to crash or become unresponsive. The flaw is classified as CWE-120 (Buffer Copy without Checking Size of Input, the classic buffer overflow). The result is a denial of service that prevents normal operation of the network device.

Affected Systems

Shenzhen Tenda Technology Co., Ltd Tenda G0 firmware version 15.11.0.5 is affected. No other firmware revisions are mentioned as vulnerable in the advisory.

Risk and Exploitability

The CVSS score is 7.5, indicating a high severity denial of service vulnerability. The EPSS score is <1%, suggesting a very low but non-zero likelihood of exploitation. The vulnerability is not listed in CISA KEV, and no public exploit has been identified. The flaw is network-based and can be triggered by any host capable of sending HTTP requests to the device, making it potentially exploitable in untrusted network environments.

Generated by OpenCVE AI on June 10, 2026 at 23:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update firmware to a release that contains the stack overflow fix, if available.
  • If no patch is available, block or filter HTTP requests to the formCropAndSetWewifiPic endpoint that contain the picCropName parameter, or use a firewall rule to drop requests with unusually long values.
  • Implement network-layer rate limiting or input validation to prevent large picCropName values from reaching the device.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 00:00:00 +0000

Type Values Removed Values Added
Title Stack Overflow in picCropName Causing DoS on Tenda G0 Firmware 15.11.0.5

Wed, 10 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Title Stack Overflow in picCropName Leads to DoS in Tenda G0
Weaknesses CWE-119

Wed, 10 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Wed, 10 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda g0
Vendors & Products Tenda
Tenda g0

Tue, 09 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Title Stack Overflow in picCropName Leads to DoS in Tenda G0
Weaknesses CWE-119

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-10T19:32:42.028Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36796

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-06-09T19:17:45.030

Modified: 2026-06-10T20:16:52.037

Link: CVE-2026-36796

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T23:45:44Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')