Description
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow exists in the webAuthUserPwd parameter of the formModifyWebAuthUser function in Shenzhen Tenda Technology Co., Ltd Tenda W15E firmware 15.11.0.10. When an attacker sends a specially crafted HTTP request, the overflow can corrupt memory and cause the web service to crash, interrupting normal router operation. The vulnerability is a classic out‑of‑bounds memory write that leads to a service crash rather than arbitrary code execution.

Affected Systems

The affected product is the Tenda W15E router running firmware version 15.11.0.10. No other vendors or product versions are listed as affected.

Risk and Exploitability

The exploit can be performed remotely by any entity with network access to the router’s web management interface, using a crafted HTTP request to the webAuthUserPwd field. The EPSS score is not available, so the current exploitation probability is unknown, but the lack of a public fix coupled with the ease of triggering the overflow indicates a moderate to high risk for nearby networks. The vulnerability is not listed in the CISA KEV catalog, but the defensive posture should treat it with the same urgency as any unpatched buffer overflow that can cause service disruption.

Generated by OpenCVE AI on June 9, 2026 at 21:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to the latest version released by Tenda that addresses the buffer overflow in the webAuthUserPwd handling
  • If no firmware update is available, disable or restrict access to the router’s web management interface behind a firewall or VPN so that only trusted administrators can reach it
  • Continuously monitor router logs for abnormal HTTP request patterns targeting the webAuthUserPwd parameter, and consider blocking suspicious IP addresses

Generated by OpenCVE AI on June 9, 2026 at 21:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Tenda W15E Web Authentication Causes DoS
Weaknesses CWE-119

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-09T18:12:43.850Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36806

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:46.293

Modified: 2026-06-09T19:35:05.693

Link: CVE-2026-36806

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T21:45:05Z

Weaknesses