Description
Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow exists in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function in Shenzhen Tenda Technology Co., Ltd Tenda W20E. A crafted HTTP request can trigger the overflow, causing the router to crash and become unavailable. The flaw does not provide code execution capabilities; its primary impact is service disruption to users of the affected device.

Affected Systems

Shenzhen Tenda Technology Co., Ltd Tenda W20E version 15.11.0.6.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity of denial of service, while the EPSS score of < 1% shows a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. A crafted HTTP request can remotely trigger the buffer overflow, causing the device to crash and become inoperable to all local users.

Generated by OpenCVE AI on June 10, 2026 at 22:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update for Tenda W20E that resolves the buffer overflow.
  • If a firmware update is unavailable, disable or remove access to the vulnerable formAddWewifiWhiteUser endpoint via the router’s administration interface or by blocking the relevant HTTP requests at the network perimeter.
  • Configure network firewalls or access-control lists to limit or inspect traffic to the device, preventing malformed requests from reaching it.

Generated by OpenCVE AI on June 10, 2026 at 22:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Tenda W20E Form Leading to DoS

Wed, 10 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Title Denial of Service via Buffer Overflow in Tenda W20E FormAddWewifiWhiteUser
Weaknesses CWE-119

Wed, 10 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda w20e
Vendors & Products Tenda
Tenda w20e

Tue, 09 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Title Denial of Service via Buffer Overflow in Tenda W20E FormAddWewifiWhiteUser
Weaknesses CWE-119

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

Tenda W20e
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-10T19:31:26.745Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36818

cve-icon Vulnrichment

Updated: 2026-06-10T19:01:14.158Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:47.480

Modified: 2026-06-10T20:17:24.320

Link: CVE-2026-36818

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T22:30:22Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')