CVE-2026-36796: Shenzhen Tenda Technology Co
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Metrics
- CVSS v3.1
- 7.5
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
HarborGuard Analysis
Synopsis
A stack-based buffer overflow in the Tenda G0 router firmware (v15.11.0.5) allows an unauthenticated remote attacker to crash the device by sending a crafted HTTP request containing an oversized picCropName parameter to the formCropAndSetWewifiPic function. The vulnerability is reachable over the network with no credentials required and no victim interaction needed. Successful exploitation causes a denial of service, taking the affected device offline. No fix version has been published; HarborGuard tracks the advisory for patch availability.
HarborGuard Coverage
Detection for CVE-2026-36796 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream advisory feeds, including custom-built images that package Tenda G0 firmware or management tooling referencing the affected version.
AvailableHarborGuard is capable of scoring this CVE at CVSS 7.5 (HIGH) and weighting it against each customer organization's compliance policy to determine urgency; findings are routable to the appropriate team inbox based on per-environment configuration.
AvailableBecause no upstream fix version has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment a fix is released. In the interim, compensating-control guidance is surfaced to customers with affected images in scope.
Pending upstreamExploit Conditions
- Network reachabilityRequired
The vulnerable HTTP endpoint is exposed over the network, so the attacker must be able to reach the device's web interface remotely.
- AuthenticationNot required
No credentials are needed; the crafted request can be sent by any unauthenticated party with network access to the device.
- Victim interactionNot required
The attack is fully self-contained and requires no action from any user on the targeted device.
- Attack complexityDetail
Exploitation is reliable and condition-free; sending a single crafted HTTP request with an oversized picCropName value is sufficient to trigger the overflow.
Blast Radius
- Crashes the affected Tenda G0 device, taking it offline and severing all network connectivity it provides.
- Causes sustained service disruption if the device does not auto-recover, requiring a manual reboot to restore availability.
- No confidentiality or integrity impact is indicated; the attacker cannot read data or modify configuration through this vulnerability alone.
How HarborGuard Handles This
Available on HarborGuard: detection for this CVE is active and will match any customer image found to include the affected Tenda G0 firmware version (v15.11.0.5). Because no upstream patch exists, HarborGuard monitors the advisory on every ingest cycle and will automatically trigger a patched-image rebuild and, for customers with auto-remediation enabled, open a regression-tested PR against affected workloads as soon as a fix version is published. While no fix is available, HarborGuard surfaces compensating-control recommendations including network-policy isolation to restrict access to the device management interface, egress filtering to limit exposure of the HTTP endpoint, and feature-flag gating where the affected function can be disabled at the application layer.
- n/a / n/an/a
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H