A buffer overflow exists in the webAuthUserPwd parameter within the formAddWebAuthUser function of Shenzhen Tenda Technology’s Tenda W15E router firmware version 15.11.0.10. The vulnerability allows an attacker to send a specially crafted HTTP request that overflows a buffer and causes the web authentication service to crash, resulting in a denial of service for users of the router’s management interface. The CVE description does not explicitly state that confidentiality or integrity are compromised, so the impact appears limited to service disruption. The weakness is identified as CWE-120.

The issue affects the Tenda W15E wireless router running firmware v15.11.0.10. The description lists only this product; no other vendors or product lines are mentioned as affected, so it is inferred that other devices are not impacted by this specific flaw.

The likely attack vector is a network‑local HTTP request to the router’s web management interface, implying that an attacker with network reachability to the device could trigger the failure. The CVSS score of 7.5 indicates a high severity, while the EPSS score of <1% shows a low current probability of exploitation; the flaw is not listed in CISA’s KEV catalog, indicating limited public exploitation activity so far. The high potential to disrupt network service by rendering the router’s web interface unresponsive makes this flaw a significant operational risk for affected deployments.