CVE-2026-36797
Deferred - Pending Action
BaseFortify

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: MITRE

Description
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the IPMacBindRuleIp parameter of the formIPMacBindModify function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Meta Information
Published: 2026-06-09
Last Modified: 2026-06-09
Generated: 2026-06-10
AI Q&A: 2026-06-09
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor                              Product     Version / Range
shenzhen_tenda_technology_co_ltd    tenda_g0    15.11.0.5
tenda                               tenda_g0    15.11.0.5
CWE ID Description
CWE-UNKNOWN
Executive Summary

The vulnerability CVE-2026-36797 affects the Tenda G0 router firmware version V15.11.0.5, specifically in the formIPMacBindModify function.

This function processes HTTP parameters IPMacBindRuleIp and IPMacBindRuleMac, which are retrieved via websGetVar.

The vulnerability arises because these parameters are passed to a sprintf call without bounds checking, leading to a stack-based buffer overflow.

An attacker can exploit this by sending a crafted HTTP request with an excessively long parameter value (for example, a string of 888 or more characters) to the formIPMacBindModify CGI endpoint.

Impact Analysis

Exploitation of this vulnerability can cause a Denial of Service (DoS) on the affected device.

Specifically, sending a crafted HTTP request with an overly long parameter value can cause the router to crash or become unstable, disrupting network connectivity and device availability.

Detection Guidance

This vulnerability can be detected by monitoring HTTP requests sent to the Tenda G0 router's formIPMacBindModify CGI endpoint. Specifically, look for HTTP requests containing the IPMacBindRuleIp parameter with an excessively long value (e.g., 888 or more characters), which indicates an attempt to exploit the stack overflow.

A practical detection method is to capture and analyze HTTP traffic targeting the router and filter for requests to the formIPMacBindModify endpoint with unusually long IPMacBindRuleIp parameter values.

  • Use a network packet capture tool like tcpdump or Wireshark to capture HTTP traffic to the router.
  • Example tcpdump command to capture HTTP requests to the router (replace <router_ip> with the router's IP address):
      tcpdump -A -s 0 'host <router_ip> and tcp port 80'
  • After capturing, search for HTTP POST or GET requests to the path containing 'formIPMacBindModify' and check the length of the IPMacBindRuleIp parameter.
  • Alternatively, use command-line tools like curl or wget to test the endpoint by sending a crafted HTTP request with a long IPMacBindRuleIp parameter and observe the device behavior.
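
The length check described above can be automated once requests have been extracted as raw text from a capture or proxy log. The following is an added example, not code from the advisory or the vendor; the length limits, the request paths and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "formIPMacBindModify"  # handler name taken from the advisory
# Assumed limits: longest dotted-quad IPv4 string (15) and colon-separated MAC (17).
MAX_LEN = {"IPMacBindRuleIp": 15, "IPMacBindRuleMac": 17}


def inspect_request(raw: str) -> list[tuple[str, int]]:
    """Return (parameter, decoded length) for each oversized value in one request."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    parts = head.split("\n")[0].split(" ")
    if len(parts) < 2 or ENDPOINT not in parts[1]:
        return []  # malformed request line, or a different page
    # Collect parameters from the query string and from a form-encoded body.
    pairs = parse_qsl(urlsplit(parts[1]).query, keep_blank_values=True)
    pairs += parse_qsl(body.strip(), keep_blank_values=True)
    # parse_qsl percent-decodes, so lengths are measured on the decoded value
    # (assumption: that is the form the handler copies).
    return [(k, len(v)) for k, v in pairs if k in MAX_LEN and len(v) > MAX_LEN[k]]


_HDR = " HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"
SAMPLES = {  # constructed requests, not captured traffic
    "normal": "POST /formIPMacBindModify" + _HDR
    + "IPMacBindRuleIp=192.168.0.10&IPMacBindRuleMac=AA:BB:CC:DD:EE:FF",
    "oversized_post": "POST /formIPMacBindModify" + _HDR + "IPMacBindRuleIp=" + "A" * 888,
    "encoded_get": "GET /formIPMacBindModify?IPMacBindRuleMac=" + "%41" * 30 + _HDR,
    "other_page": "GET /index.html?IPMacBindRuleIp=" + "A" * 888 + _HDR,
}


def scan(samples: dict[str, str]) -> dict[str, list[tuple[str, int]]]:
    return {name: inspect_request(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, hits in scan(SAMPLES).items():
        print(f"{name:15} {'ALERT ' + str(hits) if hits else 'ok'}")
```

Flagging anything longer than a well-formed address catches oversized values well below the 888-character example, and the same limits can back a blocking rule on a reverse proxy in front of the management interface.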
Mitigation Strategies

To mitigate this vulnerability immediately, avoid exposing the Tenda G0 router's management interface to untrusted networks, especially the internet.

Restrict access to the router's HTTP management interface by using firewall rules or network segmentation to limit who can send requests to the formIPMacBindModify endpoint.

Monitor and block HTTP requests with suspiciously long IPMacBindRuleIp parameter values to prevent exploitation attempts.

If available, update the router firmware to a version that patches this vulnerability.

If a patch is not yet available, consider disabling the vulnerable service or CGI endpoint if possible.
