CVE-2026-36796
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk49th percentile - higher than 49% of all known CVEs
Summary
A stack overflow was discovered in the picCropName parameter of the formCropAndSetWewifiPic function in Tenda G0 version 15.11.0.5. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Risk Assessment
The organization may experience service outages, leading to a loss of user trust and potential financial losses.
Recommendation
It is recommended to update the device to the latest firmware version to mitigate this vulnerability and to monitor network traffic for potential attacks.
Original NVD description (English source)
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

