CVE-2026-36805
Deferred Deferred - Pending Action

Buffer Overflow in Tenda G0 Router Firmware

Publication date: 2026-06-09

Last updated on: 2026-06-10

Assigner: MITRE

Description
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple buffer overflows in the Saveqqlist function via the qqStr and markStr parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-09
Last Modified
2026-06-10
Generated
2026-06-30
AI Q&A
2026-06-09
EPSS Evaluated
2026-06-28
NVD
CVE-2026-36805

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
tenda tenda_g0 15.11.0.5
tenda g0 15.11.0.5
tenda pw201a 1.0.5

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

This vulnerability can be exploited by an attacker to cause a Denial of Service (DoS) on the affected device. By sending a specially crafted HTTP request with long parameter values, the attacker can trigger a buffer overflow that crashes the process or destabilizes the device, potentially making the device unavailable or unresponsive.

Executive Summary

The vulnerability CVE-2026-36805 affects the Tenda PW201A V1.0.5 device, specifically in the TENDA_HTTPD component. It is a buffer overflow issue in the Saveqqlist function caused by improper handling of user-controlled HTTP parameters named "qqStr" and "markStr." These parameters are retrieved from HTTP requests and concatenated using a function similar to sprintf without proper bounds checking. If an attacker sends a crafted HTTP request with excessively long parameter values, it can overflow the buffer, leading to potential crashes or instability of the device.

Detection Guidance

This vulnerability can be detected by sending crafted HTTP requests to the vulnerable device's CGI endpoint, specifically targeting the parameters "qqStr" and "markStr".

An example detection method is to send an HTTP request with an excessively long parameter value (e.g., a string of 888 or more repeated characters such as "a") to the vulnerable endpoint and observe if the device crashes or becomes unstable.

A sample command using curl to test this could be:

  • curl -X POST http://[device_ip]/[vulnerable_cgi_endpoint] -d "qqStr=$(python3 -c 'print("a"*888)')&markStr=test"

If the device crashes or the service becomes unresponsive after this request, it indicates the presence of the vulnerability.

Mitigation Strategies

To mitigate the CVE-2026-36805 vulnerability, immediately restrict or block access to the vulnerable HTTP endpoint that processes the qqStr and markStr parameters to prevent crafted HTTP requests from reaching the device.

Additionally, monitor network traffic for unusually long or suspicious parameter values targeting the vulnerable function to detect potential exploitation attempts.

If possible, apply any available firmware updates or patches from the vendor that address this buffer overflow vulnerability.

As a temporary measure, consider disabling the affected web service or limiting access to trusted networks until a fix is applied.

Compliance Impact

The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36805. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart