Stack-based Buffer Overflow in Tenda HG7/HG9/HG10 formDOMAINBLK

This repository is a minimal two-file proof-of-concept for CVE-2026-11499 affecting Tenda HG7/HG9/HG10 routers. The code consists of a single Python script, CVE-2026-11499.py, plus a README describing the vulnerability at a high level. The exploit is not part of a larger framework and is focused solely on sending a crafted HTTP POST request to the router web interface. The PoC’s core capability is denial-of-service testing via a suspected stack-based buffer overflow in the /boaform/formDOMAINBLK handler. It constructs an oversized blkDomain form value using repeated 'A' characters and submits it with additional fields (submit-url=/domainblk.asp and page=domainblk) and a Referer header pointing to /domainblk.asp. The script interprets HTTP timeout or connection failure as evidence that the router or web service crashed. An optional incremental mode increases payload size from 100 to 950 bytes in 50-byte steps to help identify an approximate crash threshold. There is no authentication bypass, shellcode delivery, reverse shell, RCE chain, persistence, or post-exploitation logic. Although the README mentions potential RCE conceptually, the actual code only demonstrates crash-oriented behavior and should be classified as a PoC DoS exploit rather than a weaponized RCE exploit. The repository structure is straightforward: one executable Python entry point and one documentation file. The main fingerprintable targets are the router management paths /boaform/formDOMAINBLK and /domainblk.asp, along with the blkDomain parameter used as the overflow vector.