Description
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the gotoUrl parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow occurs in the gotoUrl parameter of the formPortalAuth function in the firmware of the Shenzhen Tenda Technology Co., Ltd Tenda W15E router running version 15.11.0.10. Overly large input values are not properly validated, causing the service to crash and the device to reboot or become unresponsive. This results in a denial of network connectivity for any host relying on the affected router.

Affected Systems

The vulnerability affects Shenzhen Tenda Technology Co., Ltd Tenda W15E network appliances with firmware 15.11.0.10. No other versions or products are listed in the current record.

Risk and Exploitability

The flaw is exploitable over the network through a crafted HTTP request directed at the formPortalAuth endpoint. While no official CVSS score or EPSS value is available, the attack vector is clear and the impact is complete service disruption. The vulnerability is not registered in CISA’s Known Exploited Vulnerabilities catalog, but a DoS can be achieved without additional privileges.

Generated by OpenCVE AI on June 9, 2026 at 22:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Shenzhen Tenda Technology website or support portal for any firmware updates that address the formPortalAuth buffer overflow.
  • If a patch is available, apply the updated firmware to the device.
  • As an interim protection, block or rate‑limit HTTP traffic targeting the formPortalAuth endpoint using firewall or router access control rules.
  • If no patch emerges, consider replacing the device with a model that receives ongoing security support.

Generated by OpenCVE AI on June 9, 2026 at 22:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in formPortalAuth Parameter Causes DoS on Tenda W15E Router
Weaknesses CWE-120

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the gotoUrl parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-09T18:12:50.756Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36810

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:46.760

Modified: 2026-06-09T19:35:05.693

Link: CVE-2026-36810

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T22:15:15Z

Weaknesses