Description
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the IPMacBindRuleIp parameter of the formIPMacBindModify function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stack overflow in the IPMacBindRuleIp parameter of the formIPMacBindModify function in Tenda G0 firmware. When an attacker sends a crafted HTTP request, the overflow corrupts stack memory and causes the device to crash, resulting in a denial of service. The flaw stems from improper bounds checking – a classic buffer overflow scenario.

Affected Systems

Shenzhen Tenda Technology Co., Ltd Tenda G0 version 15.11.0.5 is affected. No other versions or products were listed.

Risk and Exploitability

Based on the description, the likely attack vector is remote over HTTP, suggesting that an unauthenticated user can trigger the stack overflow from an external or local network if the device is exposed. The CVSS score of 7.5 indicates a high severity flaw, and the EPSS score of <1% suggests a low but nonzero probability of exploitation. No fix has been reported so far, but the possibility of widespread DoS keeps the risk relatively high. The vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on June 11, 2026 at 00:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor’s website or support channels for any available firmware updates that address the stack overflow.
  • If a firmware update cannot be applied immediately, configure a network firewall or reverse proxy to block or rate‑limit the formIPMacBindModify endpoint until a patch is installed.
  • Continuously monitor device logs and network traffic for signs of DoS activity originating from suspicious HTTP requests.

Generated by OpenCVE AI on June 11, 2026 at 00:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 00:30:00 +0000

Type Values Removed Values Added
Title Stack Overflow in Tenda G0 IPMacBindRuleIp Causes DoS

Wed, 10 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Title Stack Overflow in Tenda G0 IPMacBind Rule Function Causing DoS
Weaknesses CWE-119

Wed, 10 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda g0
Vendors & Products Tenda
Tenda g0

Tue, 09 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Title Stack Overflow in Tenda G0 IPMacBind Rule Function Causing DoS
Weaknesses CWE-119

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the IPMacBindRuleIp parameter of the formIPMacBindModify function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

Tenda G0
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-10T19:32:36.207Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36797

cve-icon Vulnrichment

Updated: 2026-06-10T19:04:32.963Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:45.183

Modified: 2026-06-10T20:16:54.720

Link: CVE-2026-36797

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T00:15:27Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')