Stack-Based Buffer Overflow in Tenda HG7HG9 and HG10 Web Management Interface
CVE-2026-11498

8.7HIGH

Key Information:

Vendor

Tenda

Vendor
CVE Published:
8 June 2026

What is CVE-2026-11498?

A stack-based buffer overflow vulnerability exists in the Tenda HG7HG9 and HG10 products. It affects the asp_voip_OtherSet function within the Web Management Interface at the /boaform/voip_other_set location. An attacker can exploit this vulnerability by manipulating the funckey_transfer argument, leading to a potential remote exploitation of the affected products.

Affected Version(s)

HG10 300001138_en_xpon

HG7HG9 300001138_en_xpon

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

moist (VulDB User)
.