CVE-2026-36818 - Vulnerability Details

Description

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Published: 2026-06-09

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A buffer overflow exists in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function in Shenzhen Tenda Technology Co., Ltd Tenda W20E. A crafted HTTP request can trigger the overflow, causing the router to crash and become unavailable. The flaw does not provide code execution capabilities; its primary impact is service disruption to users of the affected device.

Affected Systems

Shenzhen Tenda Technology Co., Ltd Tenda W20E version 15.11.0.6.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, but the possibility of a denial of service can be exploited remotely via HTTP. Without a patch, repeated malicious requests could render the device inoperable, affecting connectivity for all users on the local network.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest firmware update for Tenda W20E that resolves the buffer overflow.
If a firmware update is unavailable, disable or remove access to the vulnerable formAddWewifiWhiteUser endpoint via the router’s administration interface or by blocking the relevant HTTP requests at the network perimeter.
Configure network firewalls or access-control lists to limit or inspect traffic to the device, preventing malformed requests from reaching it.

Generated by OpenCVE AI on June 9, 2026 at 21:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/xhh0124/SemVulLLM/tree/main/W20E/formAddWewifiWhiteUser

History

Tue, 09 Jun 2026 22:00:00 +0000

Type	Values Removed	Values Added
Title		Denial of Service via Buffer Overflow in Tenda W20E FormAddWewifiWhiteUser
Weaknesses		CWE-119

Tue, 09 Jun 2026 18:45:00 +0000

Type	Values Removed	Values Added
Description		Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References		https://github.com/xhh0124/SemVulLLM/tree/main/W20E/formAddWewifiWhiteUser

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-06-09T00:00:00.000Z

Updated: 2026-06-09T18:12:43.351Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36818

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2026-06-09T19:17:47.480

Modified: 2026-06-09T19:35:05.693

Link: CVE-2026-36818

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T21:45:05Z

Weaknesses

CWE-119

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object