Description
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the hostname parameter of the formSetNetCheckTools function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Shenzhen Tenda Technology Co., Ltd. disclosed a buffer overflow flaw in the hostname parameter of the formSetNetCheckTools function in its Tenda W15E router firmware version 15.11.0.10. The overflow occurs when an attacker sends a specially crafted HTTP request containing an overly long hostname, which can cause the router’s software to crash and become unresponsive. The vulnerability does not provide code execution or sensitive data exposure; it simply makes the device unavailable until re‑started, leading to a denial of service for users on the affected network.

Affected Systems

The issue affects routers running the Tenda W15E firmware version 15.11.0.10. No other Tenda products or firmware revisions are listed as vulnerable. The flaw resides in the web‑based configuration interface of the device.

Risk and Exploitability

An attacker with network access to the router’s HTTP management interface can trigger the overflow by sending a malicious request to the formSetNetCheckTools endpoint. Because the vulnerability is triggered remotely, the risk is contingent on the router’s exposure to untrusted networks. The EPSS score is unavailable and the vulnerability is not listed in CISA’s KEV catalog; however, the CVSS metrics are not published, so the severity is judged as a high‑impact Denial of Service. Successfully exploited, the device would be inoperable, potentially disrupting network connectivity for all hosts on the network.

Generated by OpenCVE AI on June 9, 2026 at 21:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to a version that incorporates the buffer overflow fix.
  • If an update is unavailable, block external access to the formSetNetCheckTools endpoint or disable the web configuration interface from untrusted networks.
  • Implement firewall rules to restrict HTTP management traffic to trusted LAN subnets only and monitor logs for suspicious payload lengths.

Generated by OpenCVE AI on June 9, 2026 at 21:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 03:15:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda w15e
Vendors & Products Tenda
Tenda w15e

Tue, 09 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Title Denial of Service via Buffer Overflow in Tenda W15E Hostname Parameter
Weaknesses CWE-120
CWE-787

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the hostname parameter of the formSetNetCheckTools function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

Tenda W15e
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-09T18:12:49.450Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36815

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:47.090

Modified: 2026-06-09T19:35:05.693

Link: CVE-2026-36815

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T03:00:10Z

Weaknesses