VYPR
High severity · 8.8 · NVD Advisory · Published Jun 8, 2026

CVE-2026-11498

Description

A stack-based buffer overflow in Tenda HG7, HG9, and HG10 routers' web management interface allows remote attackers to cause a denial of service or execute arbitrary code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A stack-based buffer overflow vulnerability exists in the asp_voip_OtherSet function within the /boaform/voip_other_set component of the Web Management Interface on Tenda HG7, HG9, and HG10 routers, specifically affecting firmware version 300001138_en_xpon. This vulnerability is triggered by manipulating the funckey_transfer argument [1].

Exploitation

An attacker with access to the web management interface can remotely exploit this vulnerability by sending a crafted request that manipulates the funckey_transfer parameter. This manipulation leads to a stack-based buffer overflow within the asp_voip_OtherSet function [1].

Impact

Successful exploitation of this vulnerability can result in a denial of service (DoS) on the affected device. Depending on the runtime environment and existing security protections, it may also be possible for an attacker to achieve arbitrary code execution, potentially leading to a compromise of the device [1].

Mitigation

No specific patched version or release date has been disclosed in the available references. Users are advised to check the vendor's official website for any potential firmware updates or security advisories. The vendor's website is available at [2].

AI Insight generated on Jun 8, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context is available for this CVE. The mechanics section is generated only when we can read the actual fix diff; without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

5
