CVE-2026-11498
Status: Deferred - Pending Action
Stack-Based Buffer Overflow in Tenda HG7HG9 and HG10 Web Management Interface

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: VulDB

Description
A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. It affects the function asp_voip_OtherSet of the file /boaform/voip_other_set in the Web Management Interface component. Manipulating the argument funckey_transfer results in a stack-based buffer overflow. The attack can be carried out remotely.
Meta Information
Published: 2026-06-08
Last Modified: 2026-06-08
Generated: 2026-06-08
AI Q&A: 2026-06-08
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
tenda | hg7hg9 | 300001138_en_xpon
tenda | hg10 | 300001138_en_xpon
CWE
CWE ID | Description
CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Impact Analysis

Exploitation of this vulnerability can result in denial of service or arbitrary code execution on the affected device. This means an attacker could crash the router or run malicious code remotely, potentially taking control of the device.

Executive Summary

This vulnerability is a stack-based buffer overflow found in the Tenda HG7, HG9, and HG10 routers' web management interface. It specifically affects the function asp_voip_OtherSet, which belongs to the file /boaform/voip_other_set. The issue arises when the argument funckey_transfer is manipulated, which overflows a buffer on the stack.

The attack can be performed remotely through this parameter, and the possible outcomes are denial of service or arbitrary code execution on the affected device.

Detection Guidance

This vulnerability can be detected by monitoring or testing the /boaform/voip_other_set endpoint on affected Tenda HG7, HG9, and HG10 routers. Specifically, attempts to manipulate the funckey_transfer parameter in requests to this endpoint may indicate exploitation attempts.

To detect potential exploitation, you can use network monitoring tools or send crafted HTTP requests to the vulnerable endpoint and observe the router's behavior.

  • Use curl or similar tools to send a test request to the endpoint, for example: curl -X POST http://<router-ip>/boaform/voip_other_set -d "funckey_transfer=AAAA..."
  • Monitor router logs or network traffic for unusual POST requests to /boaform/voip_other_set containing the funckey_transfer parameter.
  • Use intrusion detection systems (IDS) or web application firewalls (WAF) to flag suspicious requests targeting this endpoint.
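
One way to implement the log and traffic monitoring described in the list above, as an added example that is not code from the vendor, VulDB or the original page. The record layout, the 32-character length limit and the sample records are assumptions constructed for illustration; the endpoint and parameter names come from the advisory.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "/boaform/voip_other_set"  # path named in the advisory
PARAM = "funckey_transfer"            # argument named in the advisory
MAX_LEN = 32  # assumption: the page gives no buffer size; tune to observed traffic

def inspect_request(src, method, target, body):
    """Return a finding for a request that carries PARAM to ENDPOINT, else None."""
    url = urlsplit(target)
    if unquote(url.path).rstrip("/").lower() != ENDPOINT:
        return None
    # The argument can arrive in the form body or in the query string.
    pairs = parse_qsl(url.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    values = [v for k, v in pairs if k == PARAM]
    if not values:
        return None
    reasons = []
    longest = max(len(v) for v in values)
    if longest > MAX_LEN:
        reasons.append(f"value length {longest} exceeds {MAX_LEN}")
    if any(not 32 <= ord(c) < 127 for v in values for c in v):
        reasons.append("non-printable or non-ASCII bytes in value")
    if len(values) > 1:
        reasons.append("parameter repeated")
    return {"src": src, "method": method,
            "severity": "alert" if reasons else "info", "reasons": reasons}

def scan(records):
    """Inspect every record and keep the ones that touch the parameter."""
    findings = (inspect_request(*r) for r in records)
    return [f for f in findings if f is not None]

# Constructed sample records (src, method, target, body); documentation IP ranges.
SAMPLE = [
    ("192.0.2.10", "POST", "/boaform/voip_other_set", "funckey_transfer=*78"),
    ("198.51.100.7", "POST", "/boaform/voip_other_set", "funckey_transfer=" + "A" * 300),
    ("198.51.100.7", "GET", "/boaform/voip_other_set?funckey_transfer=%01%ffab", ""),
    ("192.0.2.10", "GET", "/index.asp", ""),
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f["severity"], f["src"], f["method"], "; ".join(f["reasons"]))
```

Requests that reach the endpoint with a short printable value are reported as "info" so that an administrator can still review who is changing the setting.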
Mitigation Strategies

Immediate mitigation steps include restricting access to the router's web management interface to trusted networks or IP addresses only.

Disable remote management if it is enabled, to prevent remote exploitation attempts.

Monitor for unusual activity targeting the /boaform/voip_other_set endpoint and block suspicious requests.

Apply any available firmware updates or patches from the vendor that address this vulnerability once they become available.

Compliance Impact

The vulnerability in the Tenda HG7HG9 and HG10 routers allows remote attackers to perform a stack-based buffer overflow via the web management interface, potentially leading to denial of service or arbitrary code execution.

Such a vulnerability could impact compliance with standards like GDPR and HIPAA by compromising the confidentiality, integrity, and availability of data managed or transmitted by the affected devices.

If exploited, unauthorized access or disruption could lead to breaches of personal or sensitive information, which are critical concerns under these regulations.
