CVE-2026-36799: Tenda G0 Buffer Overflow DoS Vulnerability – Firmware Update Required
A Denial of Service vulnerability exists in Tenda G0 routers running firmware version 15.11.0.5. The flaw is triggered through a buffer overflow in how the device processes the portalAuth parameter sent via HTTP requests. An attacker on the network can send a specially crafted request to crash or hang the router, making it unavailable to legitimate users. No authentication is required to exploit this vulnerability.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Weaknesses (CWE)
- CWE-120
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-09 / 2026-06-17
NVD description (verbatim)
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the portalAuth parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
1 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-36799 is a classic buffer overflow vulnerability (CWE-120) located in the formPortalAuth function of Tenda G0 firmware v15.11.0.5. The portalAuth parameter fails to validate input length before writing to a stack or heap buffer, allowing an attacker to send an oversized HTTP request payload. The resulting memory corruption causes the device to terminate or become unresponsive. The attack vector is network-based with no prerequisites—any remote actor can trigger the condition without credentials or user interaction.
Business impact
Affected routers can be knocked offline by remote attackers, disrupting internet connectivity for home or small office networks. In environments where Tenda G0 devices provide critical network access, this vulnerability enables business disruption and potential data loss if dependent services are interrupted. The ease of exploitation (network-accessible, no auth required) makes this a nuisance vector for competitors, disgruntled users, or opportunistic threat actors. Recovery typically requires manual reboot of the device.
Affected systems
Tenda G0 routers running firmware version 15.11.0.5 are confirmed vulnerable. Users should verify whether their device is running this specific firmware version via the device's web interface or documentation. Tenda may have released updated firmware since publication; check Tenda's official support site for the latest available version.
Exploitability
This vulnerability is straightforward to exploit and requires only network access—no authentication, no complex setup, no user interaction needed. Any attacker with layer-3 connectivity to the affected router can craft and send a malicious HTTP request. The low attack complexity and accessibility make opportunistic exploitation likely. However, exploitation is limited to Denial of Service; the attacker cannot steal data or gain administrative control of the device.
Remediation
Immediately check your Tenda G0 firmware version and upgrade to the latest available release from Tenda if your device is running v15.11.0.5 or earlier. Verify the update on Tenda's official support portal to ensure you obtain a patched firmware version. As an interim measure, restrict network access to the router's web interface if possible, though this does not fully mitigate the risk if the vulnerable function is reachable via other network services.
Patch guidance
Visit Tenda's official support website and locate the latest firmware release for your G0 model. Download the correct firmware file, access the router's admin panel (typically via http://192.168.0.1), navigate to System Tools or Firmware Upgrade, and follow the on-screen prompts to apply the update. Do not power off the router during the update process. After the upgrade completes and the device reboots, verify the new firmware version is installed before resuming normal operations. If you are unsure of your current version, check Settings or System Information in the router's web interface.
Detection guidance
Monitor network traffic for unusually large or malformed HTTP requests directed at the router's management port (typically 80 or 8080). Examine router logs for crashes, restarts, or access attempts to the /portalAuth endpoint with oversized payloads. If your router becomes unresponsive or reboots unexpectedly without user action, it may indicate exploitation attempts. Implement network-level controls (ACLs, firewall rules) to limit which hosts can reach the router's management interface. Consider deploying an IDS/IPS rule that detects oversized HTTP requests to portal or authentication endpoints.
Why prioritize this
Although the CVSS score of 7.5 (HIGH) reflects only Denial of Service impact, the vulnerability's trivial exploitability and lack of prerequisites warrant immediate attention. Devices remain online but unusable when successfully attacked. Organizations relying on Tenda G0 routers for network continuity should prioritize patching to restore service availability and prevent disruption. The combination of network accessibility and no authentication requirement makes this a high-priority attack surface that threat actors will test.
Risk score, explained
The CVSS v3.1 score of 7.5 (HIGH) stems from a network attack vector, low attack complexity, no privileges required, and no user interaction—all of which maximize reach and ease. However, the impact scope is limited to availability (Denial of Service); confidentiality and integrity are not affected. If the device were exploitable for remote code execution or credential theft, the score would be critical. As-is, the HIGH severity reflects the practical risk of service disruption combined with ease of attack, not the severity of data compromise.
Frequently asked questions
Is my Tenda G0 definitely vulnerable if I have firmware v15.11.0.5?
Yes, CVE-2026-36799 specifically affects v15.11.0.5. Check your device's firmware version in Settings or the web admin interface. If you are running v15.11.0.5, apply the latest available firmware update from Tenda immediately.
Can this vulnerability lead to data theft or unauthorized access to my network?
No. This vulnerability causes only Denial of Service (crashing or hanging the router). It does not allow an attacker to steal passwords, access your files, or compromise devices on your network. However, while the router is offline, an attacker could potentially attempt other attacks on connected devices that lose internet protection.
Do I need to change my router password or reconfigure settings after patching?
No. Patching via firmware update restores the device's functionality without altering your configuration. However, if you suspect unauthorized access to your router's admin panel, you may wish to reset the admin password after upgrading for peace of mind.
What if Tenda hasn't released a patch for my region or model variant?
Contact Tenda support for your region to request a patched firmware release. In the interim, restrict network access to your router's management interface using firewall rules, disable remote management features if available, and monitor for unexpected reboots or service interruptions.
This vulnerability intelligence is provided for informational purposes only and does not constitute professional security advice. SEC.co does not have independent verification of vendor patch releases or firmware version numbers; consult Tenda's official security advisories and support resources before applying any updates. The presence of this vulnerability does not guarantee exploitation in your environment. Conduct your own risk assessment based on your network topology, device deployment, and exposure to untrusted networks. SEC.co disclaims liability for service interruptions, data loss, or damage resulting from exploitation of this vulnerability or from actions taken in response to this advisory. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2018-25426HIGHWinMTR 0.91 Denial-of-Service Buffer Overflow Vulnerability
- CVE-2018-25432HIGHArm Whois 3.11 Buffer Overflow Allows Local Code Execution
- CVE-2019-25733HIGHNetShareWatcher 1.5.8.0 SEH Buffer Overflow – Local Code Execution
- CVE-2019-25735HIGHAllPlayer 7.4 Buffer Overflow in URL Handling – Local Code Execution Risk
- CVE-2019-25736HIGHLabF nfsAxe 3.7 Buffer Overflow – Local Code Execution
- CVE-2026-10126HIGHEdimax BR-6478AC Buffer Overflow Remote Code Execution
- CVE-2026-10163HIGHEdimax BR-6478AC Buffer Overflow in USB Account Handler
- CVE-2026-10164HIGHEdimax BR-6478AC Buffer Overflow Remote Code Execution