CVE-2026-36810
Deferred - Pending Action
Buffer Overflow in Tenda W15E Router

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: MITRE

Description
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the gotoUrl parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Meta Information
Published: 2026-06-09
Last Modified: 2026-06-09
Generated: 2026-06-10
AI Q&A: 2026-06-09
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs

Vendor                            Product     Version / Range
shenzhen_tenda_technology_co_ltd  tenda_w15e  15.11.0.10
tenda                             w15e        15.11.0.10
CWE ID: CWE-UNKNOWN
AI Quick Actions
Instant insights powered by AI
Executive Summary

The CVE-2026-36810 vulnerability affects the Tenda W15E V15.11.0.10 router, specifically in the formPortalAuth function.

This function retrieves user-controlled HTTP parameters, such as the gotoUrl parameter, via WebsGetVar.

The vulnerability occurs because the gotoUrl parameter is copied using strcpy without proper bounds checking, leading to a buffer overflow.

An attacker can exploit this by sending a crafted HTTP request with an excessively long gotoUrl parameter (for example, 888 or more 'a' characters) to the formPortalAuth CGI endpoint.

Impact Analysis

Exploiting this vulnerability can cause a Denial of Service (DoS) on the affected device.

Specifically, the device may crash or become unstable when processing the crafted HTTP request with the malicious gotoUrl parameter.

Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-36810 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability can be detected by monitoring for HTTP requests sent to the formPortalAuth CGI endpoint that contain an excessively long gotoUrl parameter.

Specifically, an attacker exploits the vulnerability by sending a crafted HTTP request with 888 or more 'a' characters in the gotoUrl parameter.

To detect this on your network or system, you can use network monitoring tools or command-line utilities to inspect HTTP traffic for unusually long gotoUrl parameters targeting the formPortalAuth endpoint.

  • Use tcpdump or tshark to capture HTTP traffic and filter requests to formPortalAuth, then check the length of the gotoUrl value itself (not everything that follows "gotoUrl=", which would also count later parameters).
  • Example command with tshark: tshark -Y 'http.request.uri contains "formPortalAuth"' -T fields -e http.request.uri | grep -E 'gotoUrl=[^&]{888,}'
  • Note that http.request.uri only covers query-string parameters; if the value is submitted in a form body, inspect the body as well (tshark exposes it as http.file_data). Percent-encoding also changes the raw byte count, so compare the decoded value against the threshold.
  • Alternatively, use grep on saved HTTP logs to find requests with a very long gotoUrl parameter.
Mitigation Strategies

Immediate mitigation steps include preventing attackers from sending crafted HTTP requests with excessively long gotoUrl parameters to the formPortalAuth endpoint.

This can be done by implementing input validation or filtering at the network perimeter or on the device itself to block requests with unusually long parameters.

Additionally, consider restricting access to the formPortalAuth endpoint to trusted users or networks only.

If possible, update the device firmware to a version that patches this buffer overflow vulnerability once available.
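The detection guidance and the mitigation advice above both reduce to one check: does a request to the formPortalAuth endpoint carry a gotoUrl value of 888 characters or more? The following is an added example, not code from this page or from Tenda. It parses the request target the way a web server would (splitting parameters on '&' and percent-decoding values), so a long unrelated parameter after gotoUrl= or a percent-encoded value does not distort the count, and it contrasts the result with the page's bare regex. The access-log lines are constructed, the path /goform/formPortalAuth is an assumption (the page names only the formPortalAuth endpoint), the idea that the parameter may also travel in a form body is an assumption, and 888 is the threshold quoted on the page. The is_suspicious predicate can serve equally as the perimeter-filter rule described under Mitigation Strategies.

```python
"""Detection helper for the CVE-2026-36810 pattern: a formPortalAuth request
whose gotoUrl parameter is 888 characters or longer after decoding.

Added example, not the page's or Tenda's code. Assumptions: combined access-log
format for the constructed sample lines, the path /goform/formPortalAuth,
and that gotoUrl may arrive in the query string or a form-encoded body.
"""
import re
from urllib.parse import parse_qs, urlsplit

GOTO_URL_THRESHOLD = 888          # length the page cites as enough to crash the device
ENDPOINT_MARKER = "formPortalAuth"

# Quoted request field of a combined access log: "METHOD target HTTP/x.y"
_REQUEST_FIELD = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# The page's grep pattern, kept only for contrast: it counts every byte after
# "gotoUrl=", including later parameters, and never percent-decodes.
_NAIVE_PATTERN = re.compile(r"gotoUrl=.{888,}")


def goto_url_length(target: str, body: str = "") -> int:
    """Decoded length of the longest gotoUrl value found in the query string
    or in a form-encoded body (assumed transport); 0 when absent."""
    longest = 0
    for source in (urlsplit(target).query, body):
        if not source:
            continue
        # parse_qs splits on '&' and percent-decodes, so "%61" counts as one character
        for value in parse_qs(source, keep_blank_values=True).get("gotoUrl", []):
            longest = max(longest, len(value))
    return longest


def is_suspicious(target: str, body: str = "", threshold: int = GOTO_URL_THRESHOLD) -> bool:
    """True when the request targets formPortalAuth with an over-long gotoUrl.
    Works for log review and as a block/allow predicate at a perimeter filter."""
    return ENDPOINT_MARKER in target and goto_url_length(target, body) >= threshold


def scan_access_log(lines):
    """Return [(line_no, decoded gotoUrl length)] for suspicious request lines."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = _REQUEST_FIELD.search(line)
        if match and is_suspicious(match.group("target")):
            hits.append((number, goto_url_length(match.group("target"))))
    return hits


def naive_scan(lines):
    """Line numbers the page's grep pattern would flag, for comparison."""
    return [n for n, line in enumerate(lines, start=1) if _NAIVE_PATTERN.search(line)]


# Constructed sample log (not real traffic). Lines 2 and 3 carry an over-long
# gotoUrl in plain and percent-encoded form; line 4 hits a different endpoint;
# line 5 has a short gotoUrl followed by a long unrelated parameter.
_LONG = "a" * 900
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jun/2026:10:00:01 +0000] "GET /goform/formPortalAuth?gotoUrl=http://example.com/home&username=guest HTTP/1.1" 200 512',
    '192.0.2.11 - - [09/Jun/2026:10:00:05 +0000] "GET /goform/formPortalAuth?gotoUrl=' + _LONG + '&username=guest HTTP/1.1" 500 0',
    '192.0.2.12 - - [09/Jun/2026:10:00:09 +0000] "GET /goform/formPortalAuth?username=guest&gotoUrl=' + "%61" * 900 + ' HTTP/1.1" 500 0',
    '192.0.2.13 - - [09/Jun/2026:10:00:12 +0000] "GET /goform/other?gotoUrl=' + _LONG + ' HTTP/1.1" 200 64',
    '192.0.2.14 - - [09/Jun/2026:10:00:15 +0000] "GET /goform/formPortalAuth?gotoUrl=/home&note=' + "b" * 900 + ' HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for number, length in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: gotoUrl is {length} characters after decoding")
    print("naive pattern would also flag lines:", naive_scan(SAMPLE_LOG))
```

On the constructed sample, scan_access_log flags only lines 2 and 3, while the bare regex also flags line 4 (wrong endpoint, which the tshark display filter would exclude but a plain grep over logs would not) and line 5 (short gotoUrl, long trailing parameter). Decoding matters in both directions: an encoded value is three bytes per character on the wire, so a raw byte count over- or under-states what the device actually copies.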
