CVE-2026-11499

CRITICAL

Tenda HG7HG9/HG10 formDOMAINBLK stack-based overflow

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-11499. PoCs published by 0xBlackash.

AI-analyzed exploit summary: The repository contains a functional Python script that exploits a stack-based buffer overflow in Tenda HG7/HG9/HG10 routers via the 'blkDomain' parameter in the '/boaform/formDOMAINBLK' endpoint. The PoC sends a crafted payload to trigger a crash or potential RCE.

Description

A vulnerability was identified in Tenda HG7HG9 and HG10 300001138_en_xpon. It affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Manipulating the argument blkDomain can lead to a stack-based buffer overflow. The attack can be performed remotely.

Exploits (1)

GitHub · WORKING POC
by 0xBlackash · python · poc
https://github.com/0xBlackash/CVE-2026-11499


Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Tenda HG7/HG9/HG10 routers (firmware HG7_HG9_HG10re_300001138_en_xpon and similar)
No auth needed
Prerequisites: Network access to the vulnerable router
devstral-2 · analyzed Jun 08, 2026

References (6)

Core References
Vdb Entry, Technical Description
VDB-369119 | Tenda HG7HG9/HG10 formDOMAINBLK stack-based overflow
https://vuldb.com/vuln/369119
Signature, Permissions Required
VDB-369119 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/369119/cti
Third Party Advisory
CVE-2026-11499 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-11499
Third Party Advisory
Submit #834888 | Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon stack-based buffer overflow
https://vuldb.com/submit/834888
Product
https://www.tenda.com.cn/

Scores

CVSS v3 9.8
EPSS 0.0009
EPSS Percentile 25.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE CWE-119, CWE-121
Status published
Products (2)
Tenda/HG10 300001138_en_xpon
Tenda/HG7HG9 300001138_en_xpon
Published Jun 08, 2026
Tracked Since Jun 08, 2026