CVE-2026-36807
Deferred Deferred - Pending Action
BaseFortify

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: MITRE

Description
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-10
AI Q&A
2026-06-09
EPSS Evaluated
N/A
NVD
CVE-2026-36807
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tenda w15e 15.11.0.10
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The CVE-2026-36807 vulnerability affects the Tenda W15E router, specifically in the formAddWebAuthUser function of its firmware version V15.11.0.10.

This function processes HTTP parameters, including webAuthUserInfo, using functions like strchr and strncpy.

An attacker can exploit this vulnerability by sending a crafted HTTP request with an excessively long webAuthUserInfo parameter, which causes a buffer overflow.

This buffer overflow can lead to denial of service (DoS) conditions such as process crashes or device instability.

The vulnerable path is easily accessible, making exploitation straightforward.

Impact Analysis

This vulnerability can be exploited to cause a denial of service (DoS) on the affected Tenda W15E router.

Exploitation may result in process crashes or device instability, potentially disrupting network connectivity and availability.

Since the vulnerable function is easily accessible via HTTP requests, attackers can trigger this impact remotely.

Detection Guidance

This vulnerability can be detected by monitoring for HTTP requests targeting the formAddWebAuthUser function on the Tenda W15E router firmware version V15.11.0.10, specifically those containing an excessively long webAuthUserInfo parameter.

A crafted HTTP request with around 888 'a' characters followed by 50 or more newline characters in the webAuthUserInfo parameter can trigger the buffer overflow.

To detect potential exploitation attempts, you can capture and analyze HTTP traffic to the router's web interface and look for unusually long webAuthUserInfo parameters.

  • Use a network packet capture tool like tcpdump or Wireshark to capture HTTP traffic on the router's management interface.
  • Example tcpdump command to capture HTTP traffic on interface eth0: tcpdump -i eth0 -A 'tcp port 80'
  • Filter captured HTTP requests for the formAddWebAuthUser endpoint and inspect the webAuthUserInfo parameter length.
  • Alternatively, use curl or similar tools to send test requests with long webAuthUserInfo parameters to check if the device responds abnormally or crashes.
Mitigation Strategies

Immediate mitigation steps include restricting access to the router's web management interface to trusted networks or IP addresses to prevent unauthorized HTTP requests.

Monitor the device for signs of instability or crashes that may indicate exploitation attempts.

If possible, apply firmware updates or patches provided by the vendor that address this vulnerability.

In the absence of a patch, consider disabling remote web management or using alternative secure management methods.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36807. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart