Stack-Based Buffer Overflow in Tenda HG7HG9 and HG10 Routers
CVE-2026-11499
9.3CRITICAL
What is CVE-2026-11499?
A vulnerability exists in Tenda HG7HG9 and HG10 routers related to the formDOMAINBLK function in the /boaform/formDOMAINBLK file. This vulnerability allows an attacker to manipulate the blkDomain argument, which may result in a stack-based buffer overflow. This type of flaw can be exploited remotely, potentially enabling unauthorized access or control over the affected devices.
Affected Version(s)
HG10 300001138_en_xpon
HG7HG9 300001138_en_xpon
References
EPSS Score
6% chance of being exploited in the next 30 days.
CVSS V4
Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
moist (VulDB User)