CVE-2026-36817
Deferred Deferred - Pending Action
Buffer Overflow in Tenda W15E Router Firmware

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: MITRE

Description
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-10
AI Q&A
2026-06-09
EPSS Evaluated
N/A
NVD
CVE-2026-36817
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tenda w15e 15.11.0.10
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-36817 is a buffer overflow vulnerability found in the Tenda W15E router, specifically in version V15.11.0.10. The issue exists in the function formAddWebAuthWhiteUser, which processes an HTTP parameter called webAuthWhiteUserInfo. An attacker can send a specially crafted HTTP request with an excessively long webAuthWhiteUserInfo parameter. This causes the function to copy more data than the buffer can hold, leading to a buffer overflow.

This overflow can cause the router's process to crash or become unstable, resulting in a Denial of Service (DoS) condition.

Impact Analysis

This vulnerability can impact you by causing a Denial of Service (DoS) on the affected Tenda W15E router. An attacker can exploit the buffer overflow by sending a crafted HTTP request, which may crash the router's process or make the device unstable and unresponsive.

This means your network connectivity could be disrupted, potentially leading to downtime or loss of access to network resources.

Detection Guidance

This vulnerability can be detected by monitoring for specially crafted HTTP requests targeting the vulnerable CGI endpoint that uses the formAddWebAuthWhiteUser function. Specifically, detection involves identifying HTTP requests containing an excessively long webAuthWhiteUserInfo parameter, such as one with hundreds of repeated characters followed by newline characters.

A practical approach is to capture and analyze HTTP traffic to the Tenda W15E router, looking for requests to the addWebAuthWhiteUser action with unusually long webAuthWhiteUserInfo parameters.

Example command using tcpdump to capture HTTP traffic to the router (replace <router_ip> with the router's IP address):

  • tcpdump -A -s 0 host <router_ip> and tcp port 80

After capturing, search for HTTP POST requests containing the parameter webAuthWhiteUserInfo with suspiciously long values.

Alternatively, use tools like grep or Wireshark to filter for the parameter in captured traffic.

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable CGI endpoint to trusted users only, such as limiting access to the router's management interface via firewall rules or network segmentation.

Additionally, monitor and block HTTP requests containing suspiciously long webAuthWhiteUserInfo parameters to prevent exploitation attempts.

If possible, update the router firmware to a version that addresses this vulnerability once available.

Until a patch is released, consider disabling remote management features or the affected web interface components to reduce exposure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36817. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart