Description
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The reported vulnerability is a stack overflow in the picCropName parameter of formCropAndSetWewifiPic. A specially crafted HTTP request can trigger the overflow, causing the Tenda G0 device to crash or become unresponsive. The flaw corresponds to CWE-119, a buffer or stack overflow, and results in a denial of service that prevents normal operation of the network device.

Affected Systems

Shenzhen Tenda Technology Co., Ltd Tenda G0 firmware version 15.11.0.5 is affected. No other firmware revisions are mentioned as vulnerable in the advisory.

Risk and Exploitability

The CVSS score is not provided, but the impact is a DoS that can incapacitate the device. The EPSS score is unavailable, so the likelihood of exploitation cannot be quantified, though the vulnerability is network-based and could be triggered by any host capable of sending HTTP requests to the device. The vulnerability is not listed in CISA KEV, and no public exploit has been identified.

Generated by OpenCVE AI on June 9, 2026 at 21:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update firmware to a release that contains the stack overflow fix, if available.
  • If no patch is available, block or filter HTTP requests to the formCropAndSetWewifiPic endpoint that contain the picCropName parameter, or use a firewall rule to drop requests with unusually long values.
  • Implement network-layer rate limiting or input validation to prevent large picCropName values from reaching the device.

Generated by OpenCVE AI on June 9, 2026 at 21:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Title Stack Overflow in picCropName Leads to DoS in Tenda G0
Weaknesses CWE-119

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-09T18:12:28.576Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36796

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:45.030

Modified: 2026-06-09T19:35:05.693

Link: CVE-2026-36796

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T22:00:19Z

Weaknesses