CVE-2026-36816
Deferred Deferred - Pending Action
BaseFortify

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: MITRE

Description
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-10
AI Q&A
2026-06-09
EPSS Evaluated
N/A
NVD
CVE-2026-36816
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tenda w15e 15.11.0.10
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-36816 is a buffer overflow vulnerability found in the Tenda W15E V15.11.0.10 router, specifically in the formAddWewifiWhiteUser function. This function processes the wewifiWhiteUserInfo parameter from HTTP requests. An attacker can send a specially crafted HTTP request containing a very long string to this parameter, which causes the buffer to overflow due to improper handling of string length and memory boundaries. This overflow leads to memory corruption.

The vulnerable function uses operations like strchr and strncpy on user-controlled input without proper bounds checking, allowing the crafted input to exceed the buffer size. Importantly, this endpoint is accessible without authentication, meaning anyone can exploit it remotely.

Impact Analysis

The primary impact of this vulnerability is a Denial of Service (DoS). By exploiting the buffer overflow, an attacker can cause the router to crash or become unstable, disrupting network connectivity and availability.

Since the vulnerability can be triggered remotely without authentication, it poses a significant risk to the availability of the affected device and any network relying on it.

Detection Guidance

This vulnerability can be detected by monitoring for specially crafted HTTP requests sent to the formAddWewifiWhiteUser CGI endpoint on the Tenda W15E router. Specifically, look for HTTP requests containing the wewifiWhiteUserInfo parameter with an unusually long string (e.g., 500 or more repeated characters followed by a newline).

To detect such attempts, you can use network traffic inspection tools like tcpdump or Wireshark to capture HTTP requests targeting the vulnerable endpoint.

  • Use tcpdump to capture HTTP requests to the vulnerable endpoint: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'formAddWewifiWhiteUser'
  • Use curl or similar tools to test the endpoint by sending a crafted HTTP POST request with a long wewifiWhiteUserInfo parameter to see if the device responds abnormally.
Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable formAddWewifiWhiteUser CGI endpoint to trusted networks only, such as by implementing firewall rules that block external HTTP requests to the device.

Additionally, monitor the device for crashes or instability that may indicate exploitation attempts.

If possible, update the device firmware to a version that addresses this vulnerability once it becomes available from the vendor.

Compliance Impact

The provided information does not specify any direct impact of the vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36816. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart