Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 contains a buffer overflow in the portalAuth parameter of the formPortalAuth function. The flaw can be triggered by a crafted HTTP request, causing the firmware to crash and resulting in a denial of service. This vulnerability is an example of improper bounds checking leading to memory corruption, classified under the standard buffer overflow weakness. An attacker who can send a malicious request to the device can render the web portal or the device entirely unresponsive, disrupting service availability for all users on that network.

Tenda G0 routers running firmware version v15.11.0.5 are affected. Only the specified version is listed; no other versions or vendor products are indicated in the advisory.

The exploit requires remote access to the device's web interface via HTTP, suggesting a remote attack vector. No CVSS score is supplied, but the lack of EPSS data means the current exploitation probability is unknown. The vulnerability is not listed in CISA KEV, indicating no known public exploits. However, because a simple crafted HTTP request triggers the overflow, an attacker could easily trigger the denial of service if the device is exposed to untrusted networks. Administrators should treat this as a medium‑to‑high risk if the device provides critical services.