CVE-2026-36802 - Vulnerability Details

- Buffer Overflow in SafeMacFilter Causes Denial of Service on Tenda PW201A

Description

Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the SafeMacFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Published: 2026-06-09

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerable software is Shenzhen Tenda Technology’s router firmware, Tenda PW201A version 1.0.5. A buffer overflow (CWE-120) exists in the SafeMacFilter function’s page parameter, which can be triggered by a crafted HTTP request. The overflow corrupts memory and causes the device to crash, resulting in a denial of service for any user on that network. No information indicates a possibility of remote code execution or privilege escalation; the impact is limited to availability only.

Affected Systems

Shenzhen Tenda Technology’s router product, Tenda PW201A, firmware version 1.0.5 is affected. No additional versions or variants are listed.

Risk and Exploitability

The EPSS score is <1% and the vulnerability is not listed in the CISA KEV catalog, suggesting a lower probability of widespread exploitation but a high potential impact if an attacker can deliver a malicious HTTP request to the device. The CVSS score of 7.5 indicates moderate to high severity. The primary attack vector is inferred to be remote over HTTP, based on the description that the exploit is triggered by a crafted HTTP request; an attacker must be able to communicate with the router, either locally or over the internet if the device is exposed. Given the nature of buffer overflows, a successful exploit would lead to a crash of the SafeMacFilter process, rendering the device unavailable until a reboot or firmware reset occurs.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

Vendor Product Confidence Versions

Tenda

Pw201a

75%

Version	Status	Scheme	Platform
`1.0.5`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the firmware to the latest version released by Shenzhen Tenda Technology, which addresses the known vulnerability.
If no new firmware is available, isolate the device from untrusted networks and monitor for repeated crashes as a mitigation.
Consider disabling the SafeMacFilter feature if it can be turned off by the device configuration, reducing the attack surface.

Generated by OpenCVE AI on June 10, 2026 at 23:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00309.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/xhh0124/SemVulLLM/tree/main/PW201A/SafeMacFilter

History

Wed, 10 Jun 2026 23:30:00 +0000

Type	Values Removed	Values Added
Title		Buffer Overflow in SafeMacFilter Causes Denial of Service on Tenda PW201A

Wed, 10 Jun 2026 21:00:00 +0000

Type	Values Removed	Values Added
Title	Buffer Overflow in SafeMacFilter Triggers DoS in Tenda PW201A
Weaknesses	CWE-119

Wed, 10 Jun 2026 18:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-120
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 10 Jun 2026 03:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tenda Tenda pw201a
Vendors & Products		Tenda Tenda pw201a

Tue, 09 Jun 2026 22:45:00 +0000

Type	Values Removed	Values Added
Title		Buffer Overflow in SafeMacFilter Triggers DoS in Tenda PW201A
Weaknesses		CWE-119

Tue, 09 Jun 2026 18:45:00 +0000

Type	Values Removed	Values Added
Description		Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the SafeMacFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References		https://github.com/xhh0124/SemVulLLM/tree/main/PW201A/SafeMacFilter

Subscriptions

Tenda Pw201a

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-06-09T00:00:00.000Z

Updated: 2026-06-10T17:46:48.330Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36802

Vulnrichment

Updated: 2026-06-10T17:45:48.441Z

NVD

Status : Deferred

Published: 2026-06-09T19:17:45.890

Modified: 2026-06-10T18:16:46.080

Link: CVE-2026-36802

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T23:15:28Z

Weaknesses

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object