Description
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple stack overflows in the formSetDebugCfgr function via the enable, level, and module parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Multiple stack overflows were identified in the formSetDebugCfgr function on the Tenda G0 device. The overflow is triggered by manipulating the enable, level, and module parameters sent in an HTTP request, causing the firmware to crash or become unresponsive. The result is a denial of service condition where the device cannot process legitimate traffic until it is rebooted or re-flashed.

Affected Systems

The vulnerability exists in the Shenzhen Tenda Technology Co., Ltd Tenda G0 firmware version 15.11.0.5. No additional firmware versions were listed in the advisory, so only devices running this exact build are known to be affected.

Risk and Exploitability

The EPSS score is below 1 % and the flaw is not listed in the CISA KEV catalog, indicating low current exploitation odds. The CVSS score of 6.5 classifies the weakness as moderate severity. Attackers can exploit the vulnerability from the network by sending a crafted HTTP request to the formSetDebugCfgr endpoint; therefore any device exposed to the internet or an untrusted internal network could be targeted.

Generated by OpenCVE AI on June 10, 2026 at 23:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the firmware to a version that contains the fix for formSetDebugCfgr stack overflows.
  • If a newer firmware is not available, disable or remove the vulnerable debug configuration parameters through the device’s administrative interface or configuration files to prevent the overflow from being triggered.
  • Implement network-layer controls such as rate limiting or blocking HTTP requests to the affected endpoint to reduce the risk of a denial of service attack.

Generated by OpenCVE AI on June 10, 2026 at 23:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 00:00:00 +0000

Type Values Removed Values Added
Title Multiple Stack Overflows in Tenda G0 Debug Configuration Cause DoS

Wed, 10 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Title Multiple Stack Overflow Vulnerabilities in Tenda G0 formSetDebugCfgr Leading to DoS
Weaknesses CWE-120

Wed, 10 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda g0
Vendors & Products Tenda
Tenda g0

Tue, 09 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Title Multiple Stack Overflow Vulnerabilities in Tenda G0 formSetDebugCfgr Leading to DoS
Weaknesses CWE-120

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple stack overflows in the formSetDebugCfgr function via the enable, level, and module parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

Tenda G0
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-10T19:32:30.228Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36798

cve-icon Vulnrichment

Updated: 2026-06-10T19:09:51.370Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:45.313

Modified: 2026-06-10T20:16:57.357

Link: CVE-2026-36798

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T23:45:44Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow