Description
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow occurs in the webAuthUserPwd parameter within the formModifyWebAuthUser function of Shenzhen Tenda Technology’s Tenda W15E firmware 15.11.0.10. When a crafted HTTP request is sent, the overflow corrupts memory on the device, causing the web service to crash and the router to stop responding. The flaw is a classic out‑of‑bounds write (CWE‑121) that results only in a service interruption rather than code execution.

Affected Systems

The vulnerability affects the Tenda W15E router running firmware version 15.11.0.10. No other vendors or product versions are listed as affected.

Risk and Exploitability

The flaw can be triggered remotely by any entity with network access to the router’s web management interface using a malicious HTTP request. The EPSS score is < 1 %, indicating a very low but non‑zero exploitation probability. The CVSS score of 7.5 reflects the high impact on availability. The vulnerability is not listed in the CISA KEV catalog, so the router should be treated as having a high‑severity out‑of‑band memory‑corruption flaw that can disrupt network services.

Generated by OpenCVE AI on June 10, 2026 at 20:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router firmware to the latest version that fixes the webAuthUserPwd buffer overflow
  • If an update is not available, limit access to the router’s web management interface to trusted networks or a VPN so that only authorized administrators can reach it
  • Continuously monitor router logs for anomalous HTTP requests targeting the webAuthUserPwd field and enforce firewall rules to block suspicious IP addresses

Generated by OpenCVE AI on June 10, 2026 at 20:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Tenda W15E WebAuthUserPwd Causes Denial of Service

Wed, 10 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Tenda W15E Web Authentication Causes DoS
Weaknesses CWE-119

Wed, 10 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda w15e
Vendors & Products Tenda
Tenda w15e

Tue, 09 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Tenda W15E Web Authentication Causes DoS
Weaknesses CWE-119

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

Tenda W15e
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-10T16:13:57.390Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36806

cve-icon Vulnrichment

Updated: 2026-06-10T16:13:53.264Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:46.293

Modified: 2026-06-10T17:16:32.930

Link: CVE-2026-36806

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T20:45:40Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow