Description
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Shenzhen Tenda Technology’s Tenda W15E router version 15.11.0.10 has a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. An attacker can send a specially crafted HTTP request that overflows the buffer, causing the device to crash or become unresponsive. The primary impact is a denial of service, denying legitimate users access to the router's web interface and potentially disrupting network connectivity. The weakness is an improper restriction of operations within the bounds of a memory buffer.

Affected Systems

This vulnerability is specific to the Tenda W15E router produced by Shenzhen Tenda Technology. The affected firmware version is 15.11.0.10, the only version mentioned in the advisory. If other firmware revisions exist, they have not been identified as affected.

Risk and Exploitability

No EPSS score is available and the vulnerability is not listed in CISA’s KEV catalog, suggesting it is not a known or actively exploited issue at this time. The attack vector is an externally reachable HTTP request to the formAddWebAuthWhiteUser endpoint, which can be executed from any network segment with access to the device. While the risk of denial of service exists, the likelihood of exploitation remains unclear due to the lack of public exploitation data.

Generated by OpenCVE AI on June 9, 2026 at 21:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router firmware to a version that removes the buffer overflow in formAddWebAuthWhiteUser
  • If an upgrade is unavailable, restrict access to the router’s web interface to trusted networks only, or disable the affected function via configuration if possible
  • Implement monitoring for anomalous HTTP traffic to the router and set alerts for repeated attempts to trigger the formAddWebAuthWhiteUser endpoint

Generated by OpenCVE AI on June 9, 2026 at 21:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Title DoS via Buffer Overflow in Tenda W15E WebAuth Parameter
Weaknesses CWE-119

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-09T18:12:55.551Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36817

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:47.363

Modified: 2026-06-09T19:35:05.693

Link: CVE-2026-36817

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T21:45:05Z

Weaknesses