CVE-2026-36811
Deferred Deferred - Pending Action
BaseFortify

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: MITRE

Description
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the picName parameter of the formDelwebAuthPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-10
AI Q&A
2026-06-09
EPSS Evaluated
N/A
NVD
CVE-2026-36811
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tenda w15e 15.11.0.10
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability CVE-2026-36811 affects the Tenda W15E router, version V15.11.0.10. It is a buffer overflow issue in the formDelwebAuthPic function. Specifically, when an attacker sends a crafted HTTP request with an excessively long picName parameter to the formDelwebAuthPic CGI endpoint, the function uses this parameter in a sprintf command to build a file path. If the picName is too long (for example, 888 or more characters), it causes a buffer overflow.

This buffer overflow can lead to a denial of service (DoS) condition, potentially causing the device to crash or become unstable.

Impact Analysis

This vulnerability can impact you by causing a denial of service (DoS) on the affected Tenda W15E router. An attacker can exploit the buffer overflow by sending a specially crafted HTTP request with a long picName parameter, which may cause the device to crash or become unstable, disrupting network connectivity and availability.

Detection Guidance

This vulnerability can be detected by monitoring HTTP requests sent to the Tenda W15E router's formDelwebAuthPic CGI endpoint, specifically looking for unusually long picName parameters.

An example detection method is to capture and analyze HTTP traffic for requests to the endpoint containing the picName parameter with a length of 888 characters or more.

You can use network packet capture tools such as tcpdump or Wireshark to filter HTTP requests to the vulnerable endpoint.

  • tcpdump -i <interface> -A -s 0 'tcp port 80 and (((ip dst <router_ip>) and (tcp[32:4] = 0x64656c57)) or (tcp[((tcp[12]&0xf0)>>2):4] = 0x64656c57))'
  • Use grep or similar tools to search captured HTTP requests for 'picName=' parameters with very long values (e.g., length >= 888).

Alternatively, a custom script can be written to scan HTTP logs or live traffic for requests to the /formDelwebAuthPic endpoint with excessively long picName parameters.

Mitigation Strategies

To mitigate this vulnerability immediately, you should restrict or block HTTP requests to the formDelwebAuthPic CGI endpoint that contain excessively long picName parameters.

Implement input validation or filtering on the network perimeter or router to reject requests with picName parameters longer than a safe threshold (e.g., less than 888 characters).

If possible, update the router firmware to a version that patches this buffer overflow vulnerability once it becomes available from the vendor.

As a temporary measure, consider disabling or restricting access to the vulnerable CGI endpoint if it is not required for normal operation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36811. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart