Description
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindRule parameter of the formIPMacBindAdd function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow exists in the IPMacBindRule parameter of the formIPMacBindAdd function in the Tenda G0 router firmware v15.11.0.5. The flaw allows an attacker to trigger an overflow by sending a specially crafted HTTP request, leading the device to crash and stop processing requests. This vulnerability does not compromise data confidentiality or integrity, but it effectively disrupts the router’s availability for legitimate users.

Affected Systems

The affected product is the Tenda G0 router running firmware version 15.11.0.5, produced by Shenzhen Tenda Technology Co., Ltd. No other vendors or product versions are currently known to be impacted.

Risk and Exploitability

The overflow can be exploited remotely over the network without requiring local access or elevated privileges. The EPSS score of less than 1% indicates a low probability of widespread attacks, yet the remote nature of the DoS and the CVSS score of 7.5 reflect a high severity level. Although the vulnerability is not listed in the CISA KEV catalog, operators should assess the potential operational impact of a DoS to critical networking equipment.

Generated by OpenCVE AI on June 10, 2026 at 21:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor firmware update that removes the buffer overflow vulnerability
  • If the IPMacBind feature is not needed, disable it through the router’s configuration interface
  • Restrict inbound HTTP traffic to trusted networks using firewall or ACL rules
  • Monitor system logs for anomalous request patterns and investigate promptly

Generated by OpenCVE AI on June 10, 2026 at 21:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Tenda G0 Router Causes Denial of Service

Wed, 10 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in IPMacBindRule Leading to DoS
Weaknesses CWE-119

Wed, 10 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda g0
Vendors & Products Tenda
Tenda g0

Tue, 09 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in IPMacBindRule Leading to DoS
Weaknesses CWE-119

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindRule parameter of the formIPMacBindAdd function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

Tenda G0
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-10T17:42:44.663Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36801

cve-icon Vulnrichment

Updated: 2026-06-10T17:41:19.539Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:45.757

Modified: 2026-06-10T18:16:45.850

Link: CVE-2026-36801

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T21:30:36Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')