Tenda HG7HG9/HG10 formDOMAINBLK stack-based overflow
CVE-2026-11499

9.3CRITICAL

Key Information:

Vendor: Tenda
Status: Hg7hg9; Hg10
Vendor: CVE Published:; 8 June 2026

🔔 Create Tenda Vulnerability Alert

What is CVE-2026-11499?

A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from remote.

Affected Version(s)

HG10 300001138_en_xpon

HG7HG9 300001138_en_xpon

References

https://vuldb.com/vuln/369119

vdb-entrytechnical-description

https://vuldb.com/vuln/369119/cti

signaturepermissions-required

https://vuldb.com/cve/CVE-2026-11499

third-party-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 8, 2026
Vulnerability Reserved
Jun 7, 2026

Credit

moist (VulDB User)

CVE-2026-11499 Data

.