Description
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the gotoUrl parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow occurs in the gotoUrl parameter of the formPortalAuth function in the firmware of the Shenzhen Tenda Technology Co., Ltd Tenda W15E router running version 15.11.0.10. Overly large input values are not properly validated, causing the service to crash and the device to reboot or become unresponsive. This results in a denial of network connectivity for any host relying on the affected router.

Affected Systems

The vulnerability affects Shenzhen Tenda Technology Co., Ltd Tenda W15E network appliances with firmware 15.11.0.10. No other versions or products are listed in the current record.

Risk and Exploitability

The flaw is exploitable over the network through a crafted HTTP request directed at the formPortalAuth endpoint. The CVSS score is 7.5 and the EPSS score is <1%, indicating the likelihood of exploitation remains low but non‑zero. The attack vector is clear and the impact is complete service disruption. The vulnerability is not registered in CISA’s Known Exploited Vulnerabilities catalog, but a DoS can be achieved without additional privileges.

Generated by OpenCVE AI on June 10, 2026 at 21:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Shenzhen Tenda Technology website or support portal for any firmware updates that address the formPortalAuth buffer overflow.
  • If a patch is available, apply the updated firmware to the device.
  • As an interim protection, block or rate‑limit HTTP traffic targeting the formPortalAuth endpoint using firewall or router access control rules.
  • If no patch emerges, consider replacing the device with a model that receives ongoing security support.

Generated by OpenCVE AI on June 10, 2026 at 21:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in formPortalAuth Parameter Causes DoS on Tenda W15E Router

Wed, 10 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda w15e
Vendors & Products Tenda
Tenda w15e

Tue, 09 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in formPortalAuth Parameter Causes DoS on Tenda W15E Router
Weaknesses CWE-120

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the gotoUrl parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

Tenda W15e
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-10T19:31:58.707Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36810

cve-icon Vulnrichment

Updated: 2026-06-10T19:04:27.162Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:46.760

Modified: 2026-06-10T20:17:10.740

Link: CVE-2026-36810

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T22:00:08Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')