CVE-2026-36796
Deferred Deferred - Pending Action
BaseFortify

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: MITRE

Description
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-10
AI Q&A
2026-06-09
EPSS Evaluated
N/A
NVD
CVE-2026-36796
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tenda tenda_g0 15.11.0.5
tenda g0 15.11.0.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The CVE-2026-36796 vulnerability affects the Tenda G0 router, specifically version V15.11.0.5, in the formCropAndSetWewifiPic function.

This function improperly handles the picCropName parameter, which is user-controlled and retrieved via websGetVar.

Because the parameter is used in a system command constructed with snprintf and executed via doSystemCmd without proper validation or sanitization, an attacker can send a crafted HTTP request with a specially crafted picCropName value to trigger a stack overflow.

This can lead to denial of service or even arbitrary code execution on the device.

Impact Analysis

Exploitation of this vulnerability can cause the Tenda G0 router to crash or become unstable, resulting in a denial of service (DoS).

Additionally, because the vulnerability allows for arbitrary code execution, an attacker could potentially take control of the device, leading to further compromise of the network or connected systems.

Detection Guidance

This vulnerability can be detected by monitoring for crafted HTTP requests targeting the picCropName parameter in the formCropAndSetWewifiPic function of the Tenda G0 router version V15.11.0.5.

Specifically, detection involves looking for unusually long or repetitive strings in the picCropName parameter within HTTP requests sent to the device.

A practical approach is to capture HTTP traffic to the router and search for requests containing the picCropName parameter with suspiciously long values, such as repeated characters (e.g., "a*888").

  • Use network packet capture tools like tcpdump or Wireshark to filter HTTP requests to the router's IP.
  • Example tcpdump command to capture HTTP traffic to the router: tcpdump -i <interface> host <router_ip> and port 80 -w capture.pcap
  • Analyze the captured traffic with Wireshark or grep for the picCropName parameter: grep -a 'picCropName=' capture.pcap
  • Look for unusually long or repetitive values in the picCropName parameter that may indicate an exploit attempt.
Mitigation Strategies

To mitigate this vulnerability immediately, avoid exposing the Tenda G0 router's HTTP management interface to untrusted networks.

Restrict access to the router's web interface to trusted users and networks only.

Monitor and block HTTP requests containing suspiciously long or malformed picCropName parameters.

If possible, update the router firmware to a version that patches this vulnerability once available.

As a temporary measure, consider disabling the affected functionality or the web management interface if it is not needed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36796. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart