A buffer overflow exists in the webAuthWhiteID parameter of the formModifyWebAuthWhiteUser function in Shenzhen Tenda Technology Co., Ltd Tenda W15E firmware version 15.11.0.10. An attacker can exploit this flaw by sending a specially crafted HTTP request that overflows the buffer, causing the router’s web service to terminate unexpectedly and leading to a denial of service. The vulnerability’s underlying weakness is a classic buffer overflow and is categorized under CWE-120.

This vulnerability is specifically tied to the Tenda W15E router device running firmware 15.11.0.10. No other vendors or product versions are listed, so the impact is confined to that single firmware release.

The EPSS score for this issue is not available, and it is not currently listed in CISA’s KEV catalog, but the lack of an exploit probability metric does not diminish the threat of a DoS. A remote attacker with network access to the router can trigger the overflow as soon as the device is reachable, potentially disrupting network connectivity for all attached clients. Because the flaw affects only the device’s availability, the impact is limited to service downtime, but the attack window is wide and the condition is straightforward: any external or internal user who can send HTTP traffic to the router’s management interface can exploit it.