Stack-Based Buffer Overflow in Tenda HG7HG9 and HG10 Routers
CVE-2026-11499

9.3CRITICAL

Key Information:

Vendor

Tenda

Vendor
CVE Published:
8 June 2026

What is CVE-2026-11499?

A vulnerability exists in Tenda HG7HG9 and HG10 routers related to the formDOMAINBLK function in the /boaform/formDOMAINBLK file. This vulnerability allows an attacker to manipulate the blkDomain argument, which may result in a stack-based buffer overflow. This type of flaw can be exploited remotely, potentially enabling unauthorized access or control over the affected devices.

Affected Version(s)

HG10 300001138_en_xpon

HG7HG9 300001138_en_xpon

References

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

moist (VulDB User)
.