HIGH 7.5

CVE-2026-36796: Tenda G0 Stack Overflow DoS Vulnerability (Firmware 15.11.0.5)

Tenda G0 routers running firmware version 15.11.0.5 contain a stack overflow vulnerability in the image cropping function that can be exploited remotely without authentication. An attacker can send a specially crafted HTTP request to crash the router, disrupting network service. This is a network-accessible denial-of-service vulnerability requiring no user interaction or credentials.

Source data · NVD / CISA · public domain

CVSS
3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weaknesses (CWE)
CWE-120
Affected products
0 configuration(s)
Published / Modified
2026-06-09 / 2026-06-17

NVD description (verbatim)

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

1 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

The vulnerability resides in the formCropAndSetWewifiPic function within Tenda G0 v15.11.0.5 firmware. The picCropName parameter fails to validate input length before copying data onto the stack, creating a classic stack buffer overflow (CWE-120). The network-accessible HTTP endpoint accepts untrusted input without bounds checking, allowing an unauthenticated remote attacker to overwrite stack memory and crash the device. The CVSS 3.1 score of 7.5 reflects high availability impact through a low-complexity network attack vector requiring no privileges or user interaction.

Business impact

Organizations deploying Tenda G0 routers face intermittent or complete network outages if this vulnerability is exploited. While the vulnerability is limited to denial-of-service (no data confidentiality or integrity compromise), network unavailability can disrupt business operations, remote access, and services dependent on the router. Affected environments include small office/branch deployments and edge network segments where Tenda consumer-grade equipment may be repurposed for business use.

Affected systems

Tenda G0 routers running firmware version 15.11.0.5 are confirmed vulnerable. Organizations should verify whether older or newer firmware versions in the G0 line are affected by checking Tenda's security advisories and release notes. The vulnerability is present in a commonly deployed model in cost-sensitive network deployments.

Exploitability

Exploitation is straightforward: the vulnerability requires only network access to the affected router's HTTP interface and crafting a malicious request targeting the formCropAndSetWewifiPic endpoint with an oversized picCropName parameter. No authentication, user interaction, or complex conditions are necessary. The low complexity and lack of prerequisites make this easily weaponizable; however, the vulnerability is not yet tracked in CISA's Known Exploited Vulnerabilities catalog, suggesting active exploitation may be limited as of the publication date.

Remediation

Tenda has likely released a firmware patch addressing the stack overflow. Organizations should contact Tenda support or check the Tenda G0 product page for the latest firmware version and apply it immediately. Verify against the vendor advisory to confirm the specific patched firmware version. In the interim, restrict HTTP access to the router's management interface to trusted networks using firewall rules or network segmentation.

Patch guidance

Check Tenda's official support portal and security advisories for firmware updates to Tenda G0. Download and apply the latest stable firmware release that addresses CVE-2026-36796. Follow Tenda's firmware upgrade procedure carefully, as interrupted updates can brick devices. Test in a non-production environment if possible. Once patched, verify the firmware version is confirmed as containing the fix by cross-referencing against Tenda's release notes and security bulletins.

Detection guidance

Monitor router access logs for HTTP requests containing unusually long or malformed picCropName parameter values sent to the formCropAndSetWewifiPic endpoint. Unexpected router reboots or service restarts may indicate exploitation attempts. Implement network segmentation to isolate router management interfaces and monitor for unexpected HTTP traffic patterns directed at management ports. Intrusion detection signatures targeting stack overflow exploitation patterns in router firmware may be available from security vendors; deploy these rules if applicable.

Why prioritize this

This vulnerability warrants expedited patching due to its high CVSS score (7.5), network accessibility, and lack of authentication requirements. The ease of exploitation combined with widespread availability of consumer routers in business networks elevates risk. Although it causes only denial-of-service, business continuity impact justifies priority remediation within one to two weeks.

Risk score, explained

The CVSS 3.1 score of 7.5 (HIGH) reflects a network-accessible, low-complexity attack requiring no privileges or user interaction that achieves complete unavailability of the affected service. The score does not reflect confidentiality or integrity compromise. Organizations in industries with high availability requirements or reliance on router uptime should treat this as HIGH priority; those with redundant or less critical deployments may lower it to MEDIUM.

Frequently asked questions

Is Tenda G0 used in enterprise environments, or only consumer networks?

Tenda G0 is a consumer-grade router, but it is frequently deployed in small office/home office (SOHO) environments, branch offices, and edge network segments by cost-conscious organizations or as a secondary/backup device. Verify your organization's asset inventory to determine exposure.

Can this vulnerability be exploited from the internet, or only from the local network?

The vulnerability is network-accessible and can be exploited from the internet if the router is directly exposed to WAN traffic. However, most routers are behind firewalls or NAT. Confirm network topology and access controls to determine real-world risk.

Does this vulnerability compromise user data or network traffic?

No. The vulnerability only causes denial-of-service (crash/reboot). It does not allow attackers to intercept traffic, access credentials, or compromise data confidentiality or integrity. The risk is availability, not data security.

What should I do if my Tenda G0 is not running v15.11.0.5?

Check Tenda's official security advisory to determine if your specific firmware version is affected. The vulnerability may impact multiple firmware versions in the G0 line. Always apply the latest stable firmware release for your model.

This analysis is provided for informational purposes and represents the state of vulnerability intelligence as of the published date. Security researchers and vendors may discover additional affected versions, attack vectors, or patch information not reflected here. Organizations should verify patch availability and compatibility with their specific Tenda G0 firmware version through official Tenda channels before deployment. SEC.co does not assume liability for patch failures, device incompatibilities, or business interruption resulting from remediation actions. Consult with your network vendor and security team before applying firmware updates to production systems. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).