Description
Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Shenzhen Tenda Technology’s W20E router firmware contains a buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. A crafted HTTP request can trigger the overflow and crash the device, resulting in a denial of service. This flaw is an example of improper handling of input buffers. The impact is a service outage for all devices connected to the affected router.

Affected Systems

The vulnerability affects the Tenda W20E wireless router running firmware version 15.11.0.6. No other versions are listed in the advisory.

Risk and Exploitability

The vulnerability is remote, accessed over HTTP, and does not require authentication as described. EPSS data is unavailable and the issue is not listed in CISA KEV, indicating no documented exploitation yet. However, a buffer overflow can be triggered from any network that can reach the router’s HTTP API, making it potentially exploitable by adversaries with network access to the device.

Generated by OpenCVE AI on June 9, 2026 at 21:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router to the latest firmware that removes the buffer overflow in the DHCP rule configuration functionality.
  • If a firmware upgrade is not immediately possible, isolate the router from external networks or block HTTP access to the management interface to reduce the attack surface.
  • Continuously monitor the router’s operational status for unexpected reboots or performance degradation that may indicate exploitation attempts.

Generated by OpenCVE AI on June 9, 2026 at 21:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Tenda W20E DHCP Settings Enables DoS
Weaknesses CWE-119

Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-09T19:31:08.159Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36819

cve-icon Vulnrichment

Updated: 2026-06-09T19:31:02.475Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:47.590

Modified: 2026-06-09T21:17:11.060

Link: CVE-2026-36819

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T21:45:05Z

Weaknesses