CVE-2026-36810
Status: Deferred - Pending Action

Buffer Overflow in Tenda W15E Router

Vulnerability report for CVE-2026-36810, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-09

Last updated on: 2026-06-10

Assigner: MITRE

Description

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the gotoUrl parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.


Meta Information

Published: 2026-06-09
Last Modified: 2026-06-10
Generated: 2026-06-30
AI Q&A: 2026-06-09
EPSS Evaluated: 2026-06-28

Affected Vendors & Products

2 associated CPEs

Vendor                            Product     Version / Range
shenzhen_tenda_technology_co_ltd  tenda_w15e  15.11.0.10
tenda                             w15e        15.11.0.10


Exploitability

CWE-120: The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.


AI Quick Actions (AI-generated insights)
Executive Summary

The CVE-2026-36810 vulnerability affects the Tenda W15E V15.11.0.10 router, specifically in the formPortalAuth function.

This function retrieves user-controlled HTTP parameters, such as the gotoUrl parameter, via WebsGetVar.

The vulnerability occurs because the gotoUrl parameter is copied using strcpy without proper bounds checking, leading to a buffer overflow.

An attacker can exploit this by sending a crafted HTTP request with an excessively long gotoUrl parameter (for example, 888 or more 'a' characters) to the formPortalAuth CGI endpoint.

Impact Analysis

Exploiting this vulnerability can cause a Denial of Service (DoS) on the affected device.

Specifically, the device may crash or become unstable when processing the crafted HTTP request with the malicious gotoUrl parameter.

Detection Guidance

This vulnerability can be detected by monitoring for HTTP requests sent to the formPortalAuth CGI endpoint that contain an excessively long gotoUrl parameter.

Specifically, an attacker exploits the vulnerability by sending a crafted HTTP request with 888 or more 'a' characters in the gotoUrl parameter.

To detect this on your network or system, you can use network monitoring tools or command-line utilities to inspect HTTP traffic for unusually long gotoUrl parameters targeting the formPortalAuth endpoint.

  • Use tcpdump or tshark to capture HTTP traffic and filter requests to formPortalAuth, then check the length of the gotoUrl parameter.
  • Example command with tshark: tshark -Y 'http.request.uri contains "formPortalAuth"' -T fields -e http.request.uri | grep -E 'gotoUrl=.{888,}'
  • Alternatively, use grep on saved HTTP logs to find requests with a very long gotoUrl parameter.

Mitigation Strategies

Immediate mitigation steps include preventing attackers from sending crafted HTTP requests with excessively long gotoUrl parameters to the formPortalAuth endpoint.

This can be done by implementing input validation or filtering at the network perimeter or on the device itself to block requests with unusually long parameters.

Additionally, consider restricting access to the formPortalAuth endpoint to trusted users or networks only.

If possible, update the device firmware to a version that patches this buffer overflow vulnerability once available.
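The length check described under Detection Guidance and the request filtering suggested under Mitigation Strategies, as an added Python example that is not part of the CVE record, the vendor's firmware or any tool named above. The endpoint path /goform/formPortalAuth, the request samples and the header handling are constructed for illustration; the 888-character threshold is the one cited in the guidance. Unlike a grep on the raw URI, this measures the percent-decoded value and also looks at form-encoded POST bodies, since WebsGetVar-style parameter retrieval does not depend on the HTTP method.

```python
"""Flag HTTP requests to the formPortalAuth endpoint whose gotoUrl parameter
is anomalously long (CWE-120 trigger condition described in the CVE record).
Illustrative code added here; not from the vendor or the CVE record.
"""
from typing import Optional
from urllib.parse import parse_qs, urlsplit

GOTOURL_THRESHOLD = 888        # length cited in the detection guidance
TARGET_ENDPOINT = "formPortalAuth"


def parse_request(raw: str) -> dict:
    """Split a raw HTTP/1.x request into method, target, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers, "body": body}


def extract_params(req: dict) -> dict:
    """Collect parameters from the query string and, for form posts, the body.
    Values are percent-decoded, which is the length the server-side copy sees."""
    params = parse_qs(urlsplit(req["target"]).query, keep_blank_values=True)
    ctype = req["headers"].get("content-type", "")
    if ctype.startswith("application/x-www-form-urlencoded") and req["body"]:
        for key, values in parse_qs(req["body"], keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    return params


def check_request(raw: str, threshold: int = GOTOURL_THRESHOLD) -> Optional[dict]:
    """Return a finding for requests to the target endpoint, None otherwise.
    The finding is marked suspicious when any gotoUrl value reaches the threshold."""
    req = parse_request(raw)
    path = urlsplit(req["target"]).path
    if TARGET_ENDPOINT not in path:
        return None
    values = extract_params(req).get("gotoUrl", [])
    longest = max((len(v) for v in values), default=0)
    return {
        "method": req["method"],
        "path": path,
        "gotoUrl_len": longest,
        "suspicious": longest >= threshold,
    }


def scan(requests: list) -> list:
    """Run check_request over captured requests and keep only suspicious hits.
    The same predicate can serve as a perimeter filter: reject when it fires."""
    findings = (check_request(r) for r in requests)
    return [f for f in findings if f is not None and f["suspicious"]]


# Constructed sample requests (path and host are assumptions, not from the record).
SAMPLES = [
    # benign: short redirect target
    "GET /goform/formPortalAuth?gotoUrl=http%3A%2F%2Fexample.com HTTP/1.1\r\n"
    "Host: 192.0.2.1\r\n\r\n",
    # suspicious: 900-character gotoUrl delivered in a form-encoded POST body
    "POST /goform/formPortalAuth HTTP/1.1\r\nHost: 192.0.2.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "gotoUrl=" + "a" * 900 + "&username=x",
    # unrelated endpoint with a long parameter: not in scope for this check
    "GET /goform/otherHandler?foo=" + "a" * 1000 + " HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n",
    # just under the threshold: reported, but not flagged as suspicious
    "GET /goform/formPortalAuth?gotoUrl=" + "a" * 887 + " HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n",
]

if __name__ == "__main__":
    for hit in scan(SAMPLES):
        print(f"{hit['method']} {hit['path']}: gotoUrl length {hit['gotoUrl_len']}")
```

The threshold is the figure from the record; a tighter limit such as the longest gotoUrl legitimately seen on your own portal pages gives earlier warning and, used as a reject rule in front of the device, blocks the oversized value before the unbounded copy runs.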

Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-36810 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
