CVE-2026-11499

EUVD-2026-35029
A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from remote.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Common Weakness Enumeration
References
https://github.com/ssaaaa1234/Tenda-HG10-formDOMAINBLK-stack-overflow-2
https://vuldb.com/cve/CVE-2026-11499
https://vuldb.com/submit/834888
https://vuldb.com/vuln/369119
https://vuldb.com/vuln/369119/cti
https://www.tenda.com.cn/