CVE-2026-11499NVD

Vulnerability Summary

A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from remote.

Severity Level

CRITICAL(9.8)

Published Date

Jun 8, 2026

Last Modified

Jun 8, 2026

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://vuldb.com/vuln/369119
https://vuldb.com/vuln/369119/cti
https://vuldb.com/cve/CVE-2026-11499
https://vuldb.com/submit/834888
https://github.com/ssaaaa1234/Tenda-HG10-formDOMAINBLK-stack-overflow-2
https://www.tenda.com.cn/

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-11499NVD

Vulnerability Summary

External References