CVE-2026-36805: Shenzhen Tenda Technology Co
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple buffer overflows in the Saveqqlist function via the qqStr and markStr parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Metrics
- CVSS v3.1
- 7.5
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
HarborGuard Analysis
Synopsis
Multiple stack-based buffer overflows affect the Saveqqlist function in Tenda G0 firmware v15.11.0.5, reachable over the network without any authentication. An attacker sends a crafted HTTP request with oversized qqStr or markStr parameters to overflow an internal buffer. Successful exploitation crashes the affected service, causing a denial of service. HarborGuard is tracking this advisory and will make a patched-image rebuild available as soon as an upstream fix is published.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images derived from affected firmware or base layers.
AvailableHarborGuard scores this finding at CVSS 7.5 HIGH using the published v3.1 vector, and per-environment compliance policy weighting can escalate or suppress the alert priority before routing it to the appropriate team inbox within each customer org.
AvailableNo upstream fix has been published for this CVE. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Tenda releases a fix, with auto-remediation customers receiving a rebuild, regression run, and PR against affected workloads at that time.
Pending upstreamExploit Conditions
- Network reachabilityRequired
The vulnerable Saveqqlist function is exposed over the network via HTTP, so the attacker must be able to reach the device's web interface across the network.
- AuthenticationNot required
No credentials are needed; the crafted HTTP request can be sent by any unauthenticated client.
- Victim interactionNot required
Exploitation is fully attacker-driven and requires no action from a user or administrator on the target device.
- Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, memory layout randomization, or other environmental factors.
Blast Radius
- Crashes the Saveqqlist request handler, rendering the affected service unavailable.
- Sustained or repeated requests can keep the device in a crashed or reboot loop, causing prolonged network outage for anything relying on the gateway.
- No confidentiality or integrity impact is indicated; the attacker gains no read or write access to data on the device.
How HarborGuard Handles This
Available on HarborGuard: this CVE is continuously monitored across ingest cycles because no upstream fix currently exists. For environments running container images that bundle Tenda G0 firmware or derivative components, HarborGuard flags affected images and can apply network-policy isolation rules as a compensating control to restrict inbound HTTP access to the management interface. Where egress filtering or feature-flag gating is available in the customer environment, HarborGuard surfaces those options in the triage detail view. As soon as Tenda publishes a patched firmware version, a rebuilt image at that fix version becomes available on HarborGuard automatically; customers with auto-remediation enabled will receive a rebuild, a regression-test run, and a PR opened against affected workloads without manual intervention.
- n/a / n/an/a
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H