CVE-2026-36796
Deferred Deferred - Pending Action

Stack Overflow in Tenda G0 Router Firmware

Publication date: 2026-06-09

Last updated on: 2026-06-10

Assigner: MITRE

Description
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-09
Last Modified
2026-06-10
Generated
2026-06-30
AI Q&A
2026-06-09
EPSS Evaluated
2026-06-28
NVD
CVE-2026-36796

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
tenda tenda_g0 15.11.0.5
tenda g0 15.11.0.5

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The CVE-2026-36796 vulnerability affects the Tenda G0 router, specifically version V15.11.0.5, in the formCropAndSetWewifiPic function.

This function improperly handles the picCropName parameter, which is user-controlled and retrieved via websGetVar.

Because the parameter is used in a system command constructed with snprintf and executed via doSystemCmd without proper validation or sanitization, an attacker can send a crafted HTTP request with a specially crafted picCropName value to trigger a stack overflow.

This can lead to denial of service or even arbitrary code execution on the device.

Impact Analysis

Exploitation of this vulnerability can cause the Tenda G0 router to crash or become unstable, resulting in a denial of service (DoS).

Additionally, because the vulnerability allows for arbitrary code execution, an attacker could potentially take control of the device, leading to further compromise of the network or connected systems.

Detection Guidance

This vulnerability can be detected by monitoring for crafted HTTP requests targeting the picCropName parameter in the formCropAndSetWewifiPic function of the Tenda G0 router version V15.11.0.5.

Specifically, detection involves looking for unusually long or repetitive strings in the picCropName parameter within HTTP requests sent to the device.

A practical approach is to capture HTTP traffic to the router and search for requests containing the picCropName parameter with suspiciously long values, such as repeated characters (e.g., "a*888").

  • Use network packet capture tools like tcpdump or Wireshark to filter HTTP requests to the router's IP.
  • Example tcpdump command to capture HTTP traffic to the router: tcpdump -i <interface> host <router_ip> and port 80 -w capture.pcap
  • Analyze the captured traffic with Wireshark or grep for the picCropName parameter: grep -a 'picCropName=' capture.pcap
  • Look for unusually long or repetitive values in the picCropName parameter that may indicate an exploit attempt.
Mitigation Strategies

To mitigate this vulnerability immediately, avoid exposing the Tenda G0 router's HTTP management interface to untrusted networks.

Restrict access to the router's web interface to trusted users and networks only.

Monitor and block HTTP requests containing suspiciously long or malformed picCropName parameters.

If possible, update the router firmware to a version that patches this vulnerability once available.

As a temporary measure, consider disabling the affected functionality or the web management interface if it is not needed.

Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-36796 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36796. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart