CVE-2026-36801
Deferred Deferred - Pending Action
BaseFortify

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: MITRE

Description
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindRule parameter of the formIPMacBindAdd function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-10
AI Q&A
2026-06-09
EPSS Evaluated
N/A
NVD
CVE-2026-36801
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tenda tenda_g0 15.11.0.5
tenda g0 15.11.0.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

Immediate mitigation steps include restricting access to the router's management interface to trusted networks or IP addresses to prevent unauthorized HTTP requests.

If possible, disable remote management features temporarily until a firmware update or patch is applied.

Monitor the router for crashes or instability that may indicate exploitation attempts.

Contact Shenzhen Tenda Technology Co., Ltd or check their official channels for firmware updates addressing this vulnerability and apply them as soon as they become available.

Executive Summary

The CVE-2026-36801 vulnerability is a buffer overflow issue in the Tenda G0 router firmware, specifically in the formIPMacBindAdd function of version V15.11.0.5.

This flaw happens when an attacker sends a crafted HTTP request to the formIPMacBindAdd CGI endpoint with an excessively long IPMacBindRule parameter, such as a string of 888 or more 'a' characters.

The vulnerability is triggered by a strcpy operation in the ipMacBindListStore function, which copies the malicious input into a fixed-size buffer, causing a buffer overflow.

Impact Analysis

This vulnerability can be exploited to cause a Denial of Service (DoS) on the affected device.

The buffer overflow can lead to process crashes or device instability, potentially making the router unusable until it is restarted or fixed.

Detection Guidance

This vulnerability can be detected by monitoring HTTP requests sent to the Tenda G0 router's formIPMacBindAdd CGI endpoint. Specifically, look for HTTP requests containing the IPMacBindRule parameter with an unusually long string (e.g., 888 or more characters). Such requests may indicate an attempt to exploit the buffer overflow.

A possible detection method is to capture and analyze network traffic targeting the router's management interface, filtering for HTTP POST or GET requests to the formIPMacBindAdd endpoint with suspiciously long IPMacBindRule parameters.

Example command using tcpdump to capture relevant HTTP traffic:

  • tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'formIPMacBindAdd'

Alternatively, use tools like Wireshark to filter HTTP requests containing 'formIPMacBindAdd' and inspect the IPMacBindRule parameter length.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36801. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart