CVE-2026-36808

Deferred Deferred - Pending Action

Buffer Overflow in Tenda W15E Router Firmware

Publication date: 2026-06-09

Last updated on: 2026-06-10

Assigner: MITRE

Description

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-09

Last Modified

2026-06-10

Generated

2026-06-30

AI Q&A

2026-06-10

EPSS Evaluated

2026-06-28

NVD

CVE-2026-36808

Affected Vendors & Products

Vendor	Product	Version / Range
shenzhen_tenda_technology_co_ltd	tenda_w15e	15.11.0.10
tenda	tenda_w15e	15.11.0.10
tenda	w15e	15.11.0.10

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-120	The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Attack-Flow Graph

Compliance Impact

The provided information does not include any details on how the CVE-2026-36808 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability can be detected by monitoring for unusual or malformed HTTP requests targeting the formAddWebAuthUser function, specifically those containing an excessively long webAuthUserInfo parameter.

An example of such a crafted HTTP request includes a webAuthUserInfo parameter with around 888 'a' characters followed by 50 or more newline characters.

To detect exploitation attempts on your network, you can use network traffic inspection tools like tcpdump or Wireshark to capture HTTP requests to the router and filter for unusually long webAuthUserInfo parameters.

Use tcpdump to capture HTTP traffic to the router's IP on port 80 or 443: tcpdump -i <interface> host <router_ip> and port 80 -w capture.pcap
Analyze the capture with Wireshark or tshark to filter HTTP POST requests containing the webAuthUserInfo parameter with suspiciously long values.
Alternatively, use command-line tools like curl or wget to send test requests with long webAuthUserInfo parameters to verify if the device is vulnerable.

Executive Summary

The vulnerability exists in Shenzhen Tenda Technology Co., Ltd Tenda W15E version v15.11.0.10. It is a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This means that when this parameter is given specially crafted input, it can overflow the buffer and cause unexpected behavior.

An attacker can exploit this by sending a crafted HTTP request that triggers the buffer overflow.

Impact Analysis

This vulnerability can be exploited to cause a Denial of Service (DoS) condition. This means that an attacker can make the affected device or service unavailable or unresponsive by sending a malicious HTTP request.

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable router's web interface to trusted networks only, such as by using firewall rules or network segmentation.

Avoid exposing the router's management interface to the internet or untrusted networks.

Monitor the device for signs of instability or crashes that may indicate exploitation attempts.

If available, update the router firmware to a version that patches this vulnerability.

If no patch is available, consider disabling or limiting the use of the webAuthUserInfo parameter or the affected function if possible.

Hi! I’m here to help you understand CVE-2026-36808. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70