CVE-2026-11528
Received Received - Intake
Stack-Based Buffer Overflow in Tenda AC18 Web Management Interface

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: VulDB

Description
A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of the argument callback results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-08
Last Modified
2026-06-08
Generated
2026-06-09
AI Q&A
2026-06-08
EPSS Evaluated
N/A
NVD
CVE-2026-11528
EUVD
EUVD-2026-35092
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tenda ac18 15.03.05.05
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a stack-based buffer overflow found in the Tenda AC18 router's web management interface, specifically in the /goform/getRebootStatus endpoint.

It is caused by improper handling of the 'callback' parameter, where an overly long string is passed and concatenated using an unsafe function (sprintf) without proper length checks.

This leads to a 64-byte stack buffer overflow, allowing an attacker to overwrite critical memory areas such as the saved frame pointer and return address.

The vulnerability can be exploited remotely by sending a maliciously crafted request, potentially causing the web service to crash or enabling remote code execution.

Impact Analysis

Exploitation of this vulnerability can lead to serious impacts including denial of service (crashing the router's web management interface) and potentially remote code execution.

Remote code execution could allow an attacker to take control of the affected device, leading to unauthorized access, data compromise, or further network attacks.

Detection Guidance

This vulnerability can be detected by sending a specially crafted HTTP request to the /goform/getRebootStatus endpoint of the Tenda AC18 router's web management interface.

Specifically, sending an overly long string in the callback parameter can trigger the stack-based buffer overflow, which may cause the web service to crash or behave abnormally.

A proof-of-concept exploit involves sending a 4096-byte cyclic pattern as the callback parameter.

  • Use curl or similar tools to send a request like: curl -X GET 'http://<router-ip>/goform/getRebootStatus?callback=$(python3 -c "print('A'*4096)")'
  • Monitor the router's web service for crashes or unexpected behavior after sending the request.
Mitigation Strategies

Immediate mitigation steps include restricting access to the router's web management interface to trusted networks or IP addresses to prevent remote exploitation.

Additionally, monitor the router for unusual behavior or crashes that may indicate exploitation attempts.

If possible, disable the web management interface temporarily until a patch or firmware update addressing this vulnerability is available.

Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-11528. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart