Description
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a buffer overflow in the formAddWewifiWhiteUser function, triggered by an invalid wewifiWhiteUserInfo parameter. This flaw allows an attacker to overflow a memory buffer and crash the application, resulting in a denial of service. The weakness corresponds to CWE-120 – Buffer Overflow.

Affected Systems

Shenzhen Tenda Technology Co., Ltd provides the Tenda W15E router, firmware version 15.11.0.10, which is affected by this issue.

Risk and Exploitability

The vulnerability is triggered via a crafted HTTP request targeting the formAddWewifiWhiteUser endpoint. The EPSS score is < 1%, indicating a very low but nonzero exploitation probability, and the issue is not listed in CISA KEV. Attackers need only be able to reach the vulnerable HTTP service to force the device into a DoS state. The impact is limited to availability for the device and any services relying on it.

Generated by OpenCVE AI on June 10, 2026 at 23:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest firmware from Tenda when it becomes available, ensuring the buffer overflow fix is included.
  • Disable or restrict remote HTTP access to the formAddWewifiWhiteUser endpoint to prevent exploitation over the network.
  • Configure network firewalls or the device’s rate‑limiting features to block repeated or unusually large requests to the vulnerable endpoint and monitor logs for DoS activity.

Generated by OpenCVE AI on June 10, 2026 at 23:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 00:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Tenda W15E Router formAddWewifiWhiteUser Causes DoS

Wed, 10 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Tenda W15E Leading to Denial of Service via HTTP
Weaknesses CWE-119

Wed, 10 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 03:45:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda w15e
Vendors & Products Tenda
Tenda w15e

Tue, 09 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Tenda W15E Leading to Denial of Service via HTTP
Weaknesses CWE-119

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

Tenda W15e
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-10T19:31:39.688Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36816

cve-icon Vulnrichment

Updated: 2026-06-10T19:04:23.483Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:47.250

Modified: 2026-06-10T20:17:18.910

Link: CVE-2026-36816

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T23:45:44Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')