Tenda HG7HG9/HG10 Web Management voip_other_set asp_voip_OtherSet stack-based overflow
CVE-2026-11498

8.7HIGH

Key Information:

Vendor

Tenda
Status
Hg7hg9
Hg10
Vendor
CVE Published:
8 June 2026

What is CVE-2026-11498?

A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. Affected by this issue is the function asp_voip_OtherSet of the file /boaform/voip_other_set of the component Web Management Interface. Performing a manipulation of the argument funckey_transfer results in stack-based buffer overflow. The attack is possible to be carried out remotely.

Affected Version(s)

HG10 300001138_en_xpon

HG7HG9 300001138_en_xpon

References

https://vuldb.com/vuln/369118
vdb-entrytechnical-description
https://vuldb.com/vuln/369118/cti
signaturepermissions-required
https://vuldb.com/cve/CVE-2026-11498
third-party-advisory

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

moist (VulDB User)
.