Description
Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the qossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow exists in the page parameter of the qossetting function in Tenda PW201A v1.0.5, allowing an attacker to supply a crafted HTTP request that triggers a crash of the service. The flaw is a classic out‑of‑bounds write, which disrupts program execution and causes the device to become unavailable. It does not directly compromise confidentiality or integrity but results in a service outage.

Affected Systems

Shenzhen Tenda Technology Co., Ltd Tenda PW201A firmware version 1.0.5 is affected. No other products or versions are mentioned.

Risk and Exploitability

The vulnerability is a Denial of Service; the EPSS score of < 1% indicates a low likelihood of exploitation, and it is not listed in the CISA KEV catalog. The CVSS score of 7.5 reflects a high severity impact. An attacker could target the device by sending a crafted HTTP request that overflows the page parameter buffer, but successful exploitation would require direct network access to the vulnerable firmware. While exploitation is considered unlikely, the potential for service disruption remains significant.

Generated by OpenCVE AI on June 10, 2026 at 20:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • If a firmware update containing a fix is available, apply it immediately.
  • Restrict network access to the device by placing it behind a firewall and limiting exposure to untrusted IP ranges.
  • Disable the qossetting functionality or disable remote HTTP management if not needed, and monitor device logs for abnormal request patterns.

Generated by OpenCVE AI on June 10, 2026 at 20:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Title qossetting Page Parameter Buffer Overflow Causing DoS in Tenda PW201A

Wed, 10 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 01:15:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda pw201a
Vendors & Products Tenda
Tenda pw201a

Tue, 09 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Title qossetting Page Parameter Buffer Overflow Causing DoS in Tenda PW201A
Weaknesses CWE-120

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the qossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

Tenda Pw201a
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-10T18:00:26.368Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36803

cve-icon Vulnrichment

Updated: 2026-06-10T17:58:59.171Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:46.027

Modified: 2026-06-10T18:16:46.327

Link: CVE-2026-36803

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T20:45:40Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')