Tenda HG7HG9/HG10 formPPPEdit stack-based overflow
CVE-2026-11553

8.7HIGH

Key Information:

Vendor

Tenda
Status
Hg7hg9
Hg10
Vendor
CVE Published:
8 June 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2026-11553?

A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.

Affected Version(s)

HG10 300001138_en_xpon

HG7HG9 300001138_en_xpon

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-11553 - Proof of Concept

References

https://vuldb.com/vuln/369163
vdb-entrytechnical-description
https://vuldb.com/vuln/369163/cti
signaturepermissions-required
https://vuldb.com/cve/CVE-2026-11553
third-party-advisory

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

zhihua xie (VulDB User)
.