Description
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindIndex parameter of the formIPMacBindDel function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow vulnerability resides in the IPMacBindIndex parameter of the formIPMacBindDel function in Shenzhen Tenda Technology Co., Ltd Tenda G0 firmware version 15.11.0.5. An attacker can exploit this by sending a specifically crafted HTTP request, which causes the device to crash and become unavailable, leading to a denial of service condition for legitimate users. The primary weakness is an unchecked buffer boundary that can be overflowed, a classic buffer overflow flaw.

Affected Systems

The affected product is the Tenda G0 router, firmware 15.11.0.5, sold by Shenzhen Tenda Technology Co., Ltd. No other vendor or product versions are listed as impacted.

Risk and Exploitability

The EPSS score is < 1% and the vulnerability is not listed in the CISA KEV catalog, so the public exploit probability is low. However, the flaw can be triggered via the web administration interface, therefore the attack vector is remote over HTTP. Since the flaw causes a crash rather than code execution, the difficulty of exploitation is low: a simple HTTP POST or GET request with malicious data is sufficient. The impact is loss of availability of the router or any services that depend on it, with a CVSS score of 7.5.

Generated by OpenCVE AI on June 10, 2026 at 22:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Tenda support website for a firmware update that fixes the buffer overflow in the formIPMacBindDel function. If a patch is available, install the updated firmware as soon as possible.
  • If no patch exists, restrict access to the router’s web administration interface by placing it in a separate network segment or applying firewall rules to limit connections to trusted IP addresses only.
  • Actively monitor the device logs for abnormal termination events or repeated crashes, and consider implementing redundancy or failover mechanisms to maintain service availability during an exploit.

Generated by OpenCVE AI on June 10, 2026 at 22:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Tenda G0 IPMacBindDel Leading to DoS
Weaknesses CWE-119

Wed, 10 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda g0
Vendors & Products Tenda
Tenda g0

Tue, 09 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Tenda G0 IPMacBindDel Leading to DoS
Weaknesses CWE-119

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindIndex parameter of the formIPMacBindDel function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

Tenda G0
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-10T18:45:15.567Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36800

cve-icon Vulnrichment

Updated: 2026-06-10T18:44:04.634Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:45.630

Modified: 2026-06-10T19:16:35.180

Link: CVE-2026-36800

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T22:45:27Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')