Description
Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow occurs in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function, allowing an attacker to send a crafted HTTP request that can crash the device and stop the router from serving traffic, resulting in a denial of service for any host relying on the router.

Affected Systems

The vulnerability affects Shenzhen Tenda Technology's Tenda W20E router, specifically firmware version 15.11.0.6.

Risk and Exploitability

The flaw can be triggered remotely over HTTP, so any host on the same network can target the router. No CVSS score is provided, but the ability to cause a crash presents a high risk to availability. EPSS is not available and the flaw is not listed in CISA's KEV catalog. An attacker with network access can exploit the vulnerability by sending a malicious request to the web interface.

Generated by OpenCVE AI on June 9, 2026 at 21:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to a version that includes the security fix.
  • Restrict access to the router's web administration interface to trusted IP ranges only.
  • Segment the network to isolate the router from critical systems and limit the blast radius of a potential DoS.

Generated by OpenCVE AI on June 9, 2026 at 21:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in webAuthWhiteUserInfo Enables DoS on Tenda W20E Router
Weaknesses CWE-119

Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-09T19:31:59.429Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36820

cve-icon Vulnrichment

Updated: 2026-06-09T19:31:54.621Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:47.703

Modified: 2026-06-09T21:17:11.203

Link: CVE-2026-36820

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T21:45:05Z

Weaknesses