CVE-2026-36806
Deferred Deferred - Pending Action
BaseFortify

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: MITRE

Description
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-10
AI Q&A
2026-06-09
EPSS Evaluated
N/A
NVD
CVE-2026-36806
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tenda w15e 15.11.0.10
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The CVE-2026-36806 vulnerability affects the Tenda W15E V15.11.0.10 router and involves a buffer overflow in the formModifyWebAuthUser function.

This function retrieves user-controlled HTTP parameters (webAuthUser and webAuthUserPwd) and uses them in a sprintf command without proper bounds checking.

When the parameters WebAuthUserIndex, webAuthUser, and webAuthUserPwd are not null, an attacker can send a crafted HTTP request with very long parameter values, causing a buffer overflow.

This buffer overflow can lead to a denial of service by crashing the process or causing device instability.

Impact Analysis

This vulnerability can be exploited by an attacker to cause a denial of service (DoS) on the affected Tenda W15E router.

By sending a specially crafted HTTP request with long parameter values, the attacker can crash the router's process or make the device unstable.

This can result in loss of network connectivity or interruption of services relying on the router.

Detection Guidance

This vulnerability can be detected by monitoring for crafted HTTP requests targeting the formModifyWebAuthUser function on the Tenda W15E V15.11.0.10 router. Specifically, detection involves identifying HTTP requests where the parameters WebAuthUserIndex, webAuthUser, and webAuthUserPwd are present and where webAuthUser and webAuthUserPwd contain unusually long strings (e.g., 888 or more repeated characters).

A practical approach is to capture HTTP traffic to the router and search for requests with these parameters having excessively long values.

  • Use a network packet capture tool like tcpdump or Wireshark to capture HTTP traffic to the router.
  • Run a command such as: tcpdump -A -s 0 'tcp port 80 and host <router_ip>' to capture HTTP requests.
  • Search captured traffic for HTTP POST requests containing parameters WebAuthUserIndex, webAuthUser, and webAuthUserPwd with very long values (e.g., using grep or similar tools).
  • Example grep command: grep -E 'webAuthUserPwd=.{888,}' captured_traffic.txt
Mitigation Strategies

To mitigate this vulnerability immediately, you should restrict or block HTTP requests that contain excessively long values in the webAuthUserPwd and webAuthUser parameters to prevent exploitation.

Additional immediate steps include:

  • Implement firewall or intrusion prevention system (IPS) rules to detect and block HTTP requests with suspiciously long parameter values targeting the formModifyWebAuthUser function.
  • Limit access to the router's web interface to trusted networks or IP addresses only.
  • Monitor the router for crashes or instability that may indicate exploitation attempts.
  • Check for and apply any available firmware updates or patches from the vendor addressing this vulnerability.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36806. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart