Description
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the picName parameter of the formDelwebAuthPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Shenzhen Tenda Technology’s W15E router firmware version 15.11.0.10 contains a buffer overflow in the picName parameter of the formDelwebAuthPic handler. A crafted HTTP request with an oversized payload can trigger the overflow, causing the web interface to crash and rendering the device unavailable. The vulnerability is an out‑of‑bounds write and does not affect authentication or privilege levels; its effect is limited to availability disruption.

Affected Systems

The affected device is the Tenda W15E router running firmware 15.11.0.10. No other versions or variants were identified in the available data.

Risk and Exploitability

The flaw requires direct network access to the router’s HTTP interface, so the most likely attack vector is a remote attacker sending a malicious request. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, indicating no widespread exploitation has been documented. Nonetheless, a buffer overflow can reliably crash the service, presenting a high‑severity denial of service risk for any user owning such a device.

Generated by OpenCVE AI on June 9, 2026 at 22:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official firmware update that removes the buffer overflow flaw.
  • If no update is available, block or restrict access to the HTTP endpoint that processes formDelwebAuthPic requests using the router’s firewall or access control settings.
  • Implement input validation that limits the size of picName parameters and performs bounds checking to prevent out‑of‑win boundary writes.

Generated by OpenCVE AI on June 9, 2026 at 22:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Tenda W15E formDelwebAuthPic Causing Denial of Service
Weaknesses CWE-119
CWE-120

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the picName parameter of the formDelwebAuthPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-09T18:12:43.150Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36811

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:46.873

Modified: 2026-06-09T19:35:05.693

Link: CVE-2026-36811

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T22:15:15Z

Weaknesses