Description
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow exists in the webAuthUserInfo parameter of the formAddWebAuthUser function in Shenzhen Tenda Technology Co., Ltd’s Tenda W15E firmware version 15.11.0.10. The overflow is triggered by crafting a specific HTTP request, and an attacker can exploit it to crash the web authentication service, resulting in a denial of service. The vulnerability does not disclose remote code execution or data leakage, but it can cause disruption of network management and access control for affected devices.

Affected Systems

The flaw is present in the Tenda W15E router running firmware version 15.11.0.10. No other vendors or products are implicated by the current advisory. Users who operate this specific firmware revision should be aware of the risk.

Risk and Exploitability

The CVE is not listed in the CISA KEV catalog and no EPSS score is available, indicating limited information on public exploitation. The description states that attackers can trigger the bug by sending a crafted HTTP request to the webAuthUserInfo parameter; the need for authentication is not mentioned, so the likely attack vector is via an unauthenticated external HTTP request, but this is inferred rather than explicitly stated. The lack of remote code execution confines the impact to availability only. A successful exploit can crash the web authentication service, disrupting network management and access control for the affected device.

Generated by OpenCVE AI on June 9, 2026 at 22:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router to a newer firmware revision that eliminates the buffer overflow, if one is released by Shenzhen Tenda
  • Configure the device to disable or restrict access to the formAddWebAuthUser endpoint, such as requiring authentication or limiting the IP ranges that can issue requests
  • Apply network-layer filtering or a web‑application firewall rule to block malformed payloads that target the webAuthUserInfo parameter

Generated by OpenCVE AI on June 9, 2026 at 22:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Tenda W15E Web Authentication Service Causes Denial of Service
Weaknesses CWE-119

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-09T18:12:50.053Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36808

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:46.520

Modified: 2026-06-09T19:35:05.693

Link: CVE-2026-36808

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T23:00:15Z

Weaknesses