CVE-2026-36799

Vulnerability

A buffer overflow vulnerability exists in the formPortalAuth function of Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5. The vulnerability is triggered when user-influenced HTTP parameters, specifically the gotoUrl parameter, are processed by websGetVar and subsequently copied into a fixed-size buffer using strcpy without proper bounds checking. The vulnerable path is reachable via the formPortalAuth CGI endpoint [1].

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP request to the formPortalAuth CGI endpoint. The request should include a gotoUrl parameter with a value exceeding the allocated buffer size, for example, a string of 888 or more characters. This can be achieved without any special privileges or authentication, as the vulnerable path is described as plain [1].

Impact

Successful exploitation of this buffer overflow vulnerability can lead to a Denial of Service (DoS) condition. This may manifest as a process crash or device instability, rendering the Tenda G0 device unusable [1].

Mitigation

This vulnerability affects Tenda G0 v15.11.0.5. A fix for this issue has not yet been disclosed in the available references. Users are advised to check for updated firmware releases from Tenda. No workarounds or EOL status are currently available [1].