MEDIUM 6.5

CVE-2026-36798: Tenda G0 Stack Overflow DoS Vulnerability

A vulnerability exists in Tenda G0 router firmware version 15.11.0.5 where an attacker can crash the device by sending specially crafted HTTP requests that exploit multiple stack overflow conditions. The vulnerability requires user interaction—specifically, someone must click a malicious link or visit an attacker-controlled website—but does not require authentication. Once triggered, it causes a denial of service that prevents the router from functioning until it is rebooted.

Source data · NVD / CISA · public domain

CVSS
3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Weaknesses (CWE)
CWE-121
Affected products
0 configuration(s)
Published / Modified
2026-06-09 / 2026-06-17

NVD description (verbatim)

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple stack overflows in the formSetDebugCfgr function via the enable, level, and module parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

1 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-36798 is a stack buffer overflow vulnerability affecting Shenzhen Tenda Technology Co., Ltd's Tenda G0 router running firmware version 15.11.0.5. The vulnerability resides in the formSetDebugCfgr function, which fails to properly validate input length on the 'enable', 'level', and 'module' parameters supplied via HTTP POST requests. Attackers can overflow the stack buffer by providing oversized values in these parameters, leading to memory corruption. The vulnerability is classified under CWE-121 (Stack-based Buffer Overflow). The CVSS v3.1 score of 6.5 reflects the ability to cause high availability impact with network access, low attack complexity, and no privileges required, though user interaction is necessary.

Business impact

For organizations deploying Tenda G0 routers as network edge devices, this vulnerability poses an availability risk. An attacker can remotely render affected routers inoperative without authentication, potentially disrupting network connectivity and services that depend on those devices. The requirement for user interaction (clicking a link) somewhat limits opportunistic exploitation, but targeted attacks against organizations using this hardware remain practical. Recovery requires manual device reboot, creating operational overhead. If Tenda G0 devices are deployed in critical network paths, this availability impact could cascade to downstream services.

Affected systems

The vulnerability specifically affects Tenda G0 router firmware version 15.11.0.5. Organizations should verify whether they have this exact firmware version deployed. Tenda G0 routers are commonly used in small business and residential environments. The vendor information indicates Shenzhen Tenda Technology Co., Ltd as the manufacturer. Users of other Tenda G0 firmware versions should determine whether they are also vulnerable by checking vendor advisories, as the vulnerability may affect adjacent versions. Other Tenda product lines may also require evaluation, though the current advisory is specific to the G0 model.

Exploitability

Exploiting this vulnerability requires sending a crafted HTTP request to the affected router with oversized values in the 'enable', 'level', and 'module' parameters. No authentication is required, and the attack originates over the network. However, the vulnerability requires user interaction—typically clicking a malicious link or visiting an attacker-controlled page that triggers the request. This requirement meaningfully reduces the attack surface compared to unauthenticated network-accessible vulnerabilities. The attack succeeds when user interaction occurs, making targeted and phishing-based approaches more practical than mass exploitation. No public exploit code or active exploitation is currently documented.

Remediation

Immediately identify all Tenda G0 routers running firmware version 15.11.0.5 in your environment. Contact Shenzhen Tenda Technology Co., Ltd or consult their security advisories for patched firmware versions. Upgrade affected devices to the latest stable firmware release that addresses this vulnerability. Pending patch availability or deployment, consider network-level mitigations such as restricting HTTP access to the router's administration interface via firewall rules, limiting access to trusted networks only, and disabling remote management features if not required. User awareness training regarding suspicious links pointing to router management interfaces can reduce the likelihood of user interaction-based exploitation.

Patch guidance

Verify against Tenda's official security advisory and product support pages for the latest firmware release addressing CVE-2026-36798. Firmware updates for Tenda G0 routers are typically available through the device's web interface under system settings or through manual download from Tenda's official website. Before applying updates, back up router configuration. Test patches in a non-production environment if possible. Ensure firmware integrity by verifying checksums provided by the vendor. After patching, confirm the router's firmware version to ensure the update was successful.

Detection guidance

Monitor HTTP requests to your Tenda G0 devices for POST requests to the formSetDebugCfgr function with abnormally large or unusual parameter values in the 'enable', 'level', and 'module' fields. Implement network intrusion detection (IDS) rules to alert on suspicious HTTP requests to the debug configuration endpoint. Log all HTTP requests to the router's web management interface and review logs for attempts to access the vulnerable function with oversized payloads. Check for unexpected router reboots or service disruptions that may indicate exploitation attempts. Web application firewalls (WAF) or reverse proxies in front of the router can be configured to limit request sizes and validate parameter formats.

Why prioritize this

While the CVSS score is moderate (6.5), prioritize patching based on the router's role in your network. If Tenda G0 devices are in critical network paths, availability impact is significant. The requirement for user interaction reduces the threat level compared to wormable vulnerabilities, but targeted attacks and phishing remain realistic. Organizations with widespread Tenda G0 deployments should prioritize firmware inventory and patching to eliminate the availability risk. The fact that this is not currently in the CISA KEV catalog suggests active exploitation has not been widely observed, but that does not diminish the operational impact of successful attacks.

Risk score, explained

The CVSS 3.1 score of 6.5 (MEDIUM) reflects a high-impact availability loss (Availability: High) achievable with network access and low attack complexity, but tempered by the requirement for user interaction (UI:R). The vulnerability does not compromise confidentiality or integrity—only availability. The moderate score appropriately captures the risk: this is a serious availability threat to affected devices, but not a critical remote code execution or privilege escalation vulnerability. Organizations with affected firmware should still treat patching as a priority due to the operational disruption potential, even though the numerical severity is not CRITICAL.

Frequently asked questions

Can this vulnerability allow an attacker to take control of my router or access my network traffic?

No. CVE-2026-36798 causes a denial of service (crash/reboot) but does not enable remote code execution, privilege escalation, or data theft. Attackers cannot access your network traffic, change router settings, or gain administrative control. The impact is limited to availability—the router becomes inoperable until manually rebooted.

Do I need to do anything if I'm not running Tenda G0 firmware version 15.11.0.5 specifically?

Verify your exact firmware version in the router's web interface or administration panel. Check Tenda's security advisories to determine if adjacent versions are also affected. If you run a different Tenda product line (e.g., G1, G2), consult the vendor's guidance for your specific model, as the vulnerability is documented for G0 v15.11.0.5.

What's the risk if my router is on an isolated network or behind a firewall?

The vulnerability requires HTTP access to the router and user interaction (clicking a link). If the router's web interface is not accessible from untrusted networks and users are not likely to click malicious links pointing to internal router management interfaces, the practical risk is reduced. However, network isolation is not a substitute for patching; apply available firmware updates as soon as feasible.

If I patch this vulnerability, will I lose my router configuration?

Firmware updates typically preserve your router configuration, but best practice is to back up your settings before updating. Consult Tenda's firmware release notes to confirm. After patching, verify the router's firmware version and test connectivity to ensure the update was successful.

This analysis is provided for informational purposes and reflects publicly available information as of the publication date. SEC.co makes no warranty regarding the completeness or accuracy of vendor information, patch availability, or timeline. Organizations should verify all patch version numbers and compatibility against official Tenda Technology advisories before deploying updates. The vulnerability data, CVSS score, and KEV status are current as of the source data timestamp; check official sources for updates. This document does not constitute legal advice or a guarantee of security posture. Consult your organization's security team and vendor documentation for environment-specific remediation decisions. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).