CVE-2026-36809 - Vulnerability Details

- Buffer Overflow Vulnerability in Tenda W15E Web Authentication White List Parameter Causes DoS

Description

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteID parameter of the formModifyWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Published: 2026-06-09

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A buffer overflow exists in the webAuthWhiteID parameter of the formModifyWebAuthWhiteUser function in Shenzhen Tenda Technology Co., Ltd Tenda W15E firmware version 15.11.0.10. An attacker can exploit this flaw by sending a specially crafted HTTP request that overflows the buffer, causing the router’s web service to terminate unexpectedly and leading to a denial of service. The vulnerability’s underlying weakness is a classic buffer overflow and is categorized under CWE-120.

Affected Systems

This vulnerability is specifically tied to the Tenda W15E router device running firmware 15.11.0.10. No other vendors or product versions are listed, so the impact is confined to that single firmware release.

Risk and Exploitability

The EPSS score for this issue is <1%, and it is not currently listed in CISA’s KEV catalog, but the lack of a high exploitation probability does not diminish the threat of a DoS. The CVSS score of 7.5 indicates a High severity. A remote attacker with network access to the router can trigger the overflow as soon as the device is reachable, potentially disrupting network connectivity for all attached clients. Because the flaw affects only the device’s availability, the impact is limited to service downtime, but the attack window is wide and the condition is straightforward: any external or internal user who can send HTTP traffic to the router’s management interface can exploit it.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

Vendor Product Confidence Versions

Tenda

W15e

100%

Version	Status	Scheme	Platform
`15.11.0.10`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the official firmware upgrade that addresses the buffer overflow if available from Tenda.
If an update is not yet released, isolate the router by blocking inbound HTTP/HTTPS traffic to its management interface from untrusted networks or by placing the router on a separate VLAN with restricted access.
As a temporary measure, reduce the exposure by disabling the webAuthWhiteID functionality or limiting web interface access through ACLs or firewall rules.

Generated by OpenCVE AI on June 10, 2026 at 23:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00309.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formModifyWebAuthWhiteUser

History

Thu, 11 Jun 2026 00:00:00 +0000

Type	Values Removed	Values Added
Title		Buffer Overflow Vulnerability in Tenda W15E Web Authentication White List Parameter Causes DoS

Wed, 10 Jun 2026 22:15:00 +0000

Type	Values Removed	Values Added
Title	Buffer Overflow in Tenda W15E WebAuthWhiteID Causes DoS
Weaknesses	CWE-787

Wed, 10 Jun 2026 20:30:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 10 Jun 2026 11:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tenda Tenda w15e
Vendors & Products		Tenda Tenda w15e

Tue, 09 Jun 2026 22:00:00 +0000

Type	Values Removed	Values Added
Title		Buffer Overflow in Tenda W15E WebAuthWhiteID Causes DoS
Weaknesses		CWE-120 CWE-787

Tue, 09 Jun 2026 18:45:00 +0000

Type	Values Removed	Values Added
Description		Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteID parameter of the formModifyWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References		https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formModifyWebAuthWhiteUser

Subscriptions

Tenda W15e

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-06-09T00:00:00.000Z

Updated: 2026-06-10T19:32:06.127Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36809

Vulnrichment

Updated: 2026-06-10T19:04:28.263Z

NVD

Status : Deferred

Published: 2026-06-09T19:17:46.650

Modified: 2026-06-10T20:17:08.157

Link: CVE-2026-36809

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T23:45:44Z

Weaknesses

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object