CVE Catalog

CVE-2026-11498

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Summary

A vulnerability was found in the function asp_voip_OtherSet located in the file /boaform/voip_other_set of the Web Management Interface in Tenda HG7HG9 and HG10 devices. Manipulating the argument funckey_transfer results in a stack-based buffer overflow.

Risk Assessment

An attacker can remotely exploit this vulnerability, potentially leading to unauthorized access or control over the device.

Recommendation

It is recommended to update the firmware of Tenda devices to the latest version to mitigate this vulnerability and to monitor logs for potential attack attempts.

Original NVD description (English source)

A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. Affected by this issue is the function asp_voip_OtherSet of the file /boaform/voip_other_set of the component Web Management Interface. Performing a manipulation of the argument funckey_transfer results in stack-based buffer overflow. The attack is possible to be carried out remotely.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS