CVE-2026-36805
Deferred - Pending Action
BaseFortify

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: MITRE

Description
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple buffer overflows in the Saveqqlist function via the qqStr and markStr parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Meta Information

Published: 2026-06-09
Last Modified: 2026-06-09
Generated: 2026-06-10
AI Q&A: 2026-06-09
EPSS Evaluated: N/A

Affected Vendors & Products
Showing 3 associated CPEs
Vendor   Product    Version / Range
tenda    tenda_g0   15.11.0.5
tenda    g0         15.11.0.5
tenda    pw201a     1.0.5

CWE ID: CWE-UNKNOWN

Impact Analysis

This vulnerability can be exploited by an attacker to cause a Denial of Service (DoS) on the affected device. By sending a specially crafted HTTP request with long parameter values, the attacker can trigger a buffer overflow that crashes the process or destabilizes the device, potentially making the device unavailable or unresponsive.

Executive Summary

The vulnerability CVE-2026-36805 affects the Tenda PW201A V1.0.5 device, specifically in the TENDA_HTTPD component. It is a buffer overflow issue in the Saveqqlist function caused by improper handling of user-controlled HTTP parameters named "qqStr" and "markStr." These parameters are retrieved from HTTP requests and concatenated using a function similar to sprintf without proper bounds checking. If an attacker sends a crafted HTTP request with excessively long parameter values, it can overflow the buffer, leading to potential crashes or instability of the device.
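
The bounded form of the concatenation described above, as an added example; it is not code from the Tenda firmware or from this advisory. The function name, buffer size, per-parameter limit and the ';' separator are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Assumed sizes: the advisory does not state the firmware's real buffer size. */
#define ENTRY_BUF_SIZE 256
#define MAX_PARAM_LEN  120

enum entry_status { ENTRY_OK = 0, ENTRY_BAD_ARG = -1, ENTRY_TOO_LONG = -2 };

/* Unsafe pattern of the kind the summary describes (comment only):
 *     char entry[ENTRY_BUF_SIZE];
 *     sprintf(entry, "%s;%s", qqStr, markStr);   // length never checked
 */

/* Length of s, scanning at most limit bytes, so oversized input is cheap to reject. */
static size_t bounded_len(const char *s, size_t limit)
{
    size_t n = 0;
    while (n < limit && s[n] != '\0')
        n++;
    return n;
}

/* Build "qqStr;markStr" in out (hypothetical helper; ';' is an assumption).
 * On any failure out is left as an empty string, never a truncated entry. */
int build_qq_entry(char *out, size_t out_size,
                   const char *qq_str, const char *mark_str)
{
    if (out == NULL || out_size == 0)
        return ENTRY_BAD_ARG;
    out[0] = '\0';
    if (qq_str == NULL || mark_str == NULL)
        return ENTRY_BAD_ARG;
    /* Validate each request parameter before any copy takes place. */
    if (bounded_len(qq_str, MAX_PARAM_LEN + 1) > MAX_PARAM_LEN ||
        bounded_len(mark_str, MAX_PARAM_LEN + 1) > MAX_PARAM_LEN)
        return ENTRY_TOO_LONG;
    /* snprintf never writes past out_size; n >= out_size means truncation. */
    int n = snprintf(out, out_size, "%s;%s", qq_str, mark_str);
    if (n < 0 || (size_t)n >= out_size) {
        out[0] = '\0';
        return ENTRY_TOO_LONG;
    }
    return ENTRY_OK;
}
```

A handler built this way answers an oversized qqStr or markStr with an error status instead of writing past the end of the buffer.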

Detection Guidance

This vulnerability can be detected by sending crafted HTTP requests to the vulnerable device's CGI endpoint, specifically targeting the parameters "qqStr" and "markStr".

An example detection method is to send an HTTP request with an excessively long parameter value (e.g., a string of 888 or more repeated characters such as "a") to the vulnerable endpoint and observe if the device crashes or becomes unstable.

A sample command using curl to test this could be:

  • curl -X POST http://[device_ip]/[vulnerable_cgi_endpoint] -d "qqStr=$(python3 -c 'print("a"*888)')&markStr=test"

If the device crashes or the service becomes unresponsive after this request, it indicates the presence of the vulnerability.

Mitigation Strategies

To mitigate the CVE-2026-36805 vulnerability, immediately restrict or block access to the vulnerable HTTP endpoint that processes the qqStr and markStr parameters to prevent crafted HTTP requests from reaching the device.

Additionally, monitor network traffic for unusually long or suspicious parameter values targeting the vulnerable function to detect potential exploitation attempts.

If possible, apply any available firmware updates or patches from the vendor that address this buffer overflow vulnerability.

As a temporary measure, consider disabling the affected web service or limiting access to trusted networks until a fix is applied.
