Description
Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Published: 2026-06-09
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow was discovered in the webAuthUserInfo parameter of the formAddWebAuthUser function in Shenzhen Tenda Technology Tenda W20E v15.11.0.6. The flaw allows an attacker to overflow a memory buffer with a crafted HTTP request, causing the target process to crash and denying legitimate users access to the device's web interface. The immediate result is a denial of service without impacting confidentiality or integrity of stored data.

Affected Systems

Shenzhen Tenda Technology Co., Ltd Tenda W20E routers running firmware version 15.11.0.6 are affected. No other vendor or product versions are listed as impacted from the available data.

Risk and Exploitability

Information on CVSS and EPSS scores is not provided, and the vulnerability is not listed in CISA KEV. Based on the description, the attack vector is likely network-based, requiring an attacker to send a specially crafted HTTP request to the vulnerable endpoint. Successful exploitation leads to a service crash, which can be disruptive in environments where the router’s web interface is mission critical. The lack of reported exploitation data suggests the risk may be moderate, but the potential for downtime warrants immediate attention.

Generated by OpenCVE AI on June 9, 2026 at 21:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disconnect the device or reboot to temporarily restore service
  • When a vendor firmware update is available, install it immediately on all affected routers
  • Configure network firewalls or ACLs to block or rate-limit access to the formAddWebAuthUser endpoint until a patch is applied

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 22:00:00 +0000

Type | Values Removed | Values Added
Title | | Buffer Overflow in Tenda W20E Web Authentication Leading to Denial of Service
Weaknesses | | CWE-119

Tue, 09 Jun 2026 20:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-121
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 18:45:00 +0000

Type | Values Removed | Values Added
Description | | Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-09T19:23:54.055Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36823

Vulnrichment

Updated: 2026-06-09T19:23:49.311Z

NVD

Status: Deferred

Published: 2026-06-09T19:17:48.070

Modified: 2026-06-09T20:16:43.580

Link: CVE-2026-36823

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T21:45:05Z

Weaknesses