Description
Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the macAddr parameter of the formDelStaState function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a buffer overflow in the macAddr parameter of the formDelStaState function on the Tenda W20E router, which can be triggered by a purposely crafted HTTP request. An attacker can leverage the overflow to cause the device to crash or reboot, leading to a denial of service. The impact is limited to availability, with no evidence of remote code execution or data compromise in the provided description.

Affected Systems

Shenzhen Tenda Technology Co., Ltd. Tenda W20E running firmware version 15.11.0.6 is impacted. No additional versions were listed in the available data.

Risk and Exploitability

The vulnerability can be triggered remotely by sending an HTTP request to the affected endpoint. The attack vector is inferred from the mention of a crafted HTTP request; no additional prerequisites are described. The EPSS score is not available, so the exploitation probability cannot be quantified. The CVSS score is not provided, but the lack of a KEV entry indicates it is not currently listed in CISA's Known Exploited Vulnerabilities catalog. The risk is primarily the potential for sustained denial of service, which could affect network operations if the router serves critical network functions.

Generated by OpenCVE AI on June 9, 2026 at 21:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Tenda W20E device to the latest firmware released by Shenzhen Tenda Technology, which should patch the buffer overflow.
  • Restrict external access to the router’s management interface, for example by configuring firewall rules or network segmentation, to limit exposure of the vulnerable endpoint.
  • Monitor the device’s logs and network traffic for anomalous activity such as repeated failed requests to the formDelStaState path and apply intrusion detection rules accordingly.

Generated by OpenCVE AI on June 9, 2026 at 21:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Tenda W20E formDelStaState Leading to DoS
Weaknesses CWE-119

Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the macAddr parameter of the formDelStaState function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-09T19:34:20.074Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36822

cve-icon Vulnrichment

Updated: 2026-06-09T19:34:09.740Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T19:17:47.947

Modified: 2026-06-09T21:17:11.503

Link: CVE-2026-36822

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T21:45:05Z

Weaknesses