CVE-2026-36819
Deferred Deferred - Pending Action
BaseFortify

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: MITRE

Description
Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-10
AI Q&A
2026-06-09
EPSS Evaluated
N/A
NVD
CVE-2026-36819
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tenda tenda_w20e 15.11.0.6
tenda w20e 15.11.0.6
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-36819 is a buffer overflow vulnerability found in the Tenda W20E V15.11.0.6 router, specifically in the fromSetDhcpRules function. This function processes user-controlled HTTP parameters, including the bindMACAddr parameter. The vulnerability occurs because the bindMACAddr parameter is used in a snprintf command without proper bounds checking, allowing an attacker to send an excessively long value (e.g., 888 characters) that overflows the buffer.

Exploiting this vulnerability involves sending a crafted HTTP request to the fromSetDhcpRules CGI endpoint, which triggers the buffer overflow.

Impact Analysis

This vulnerability can cause a Denial of Service (DoS) condition by crashing the affected process or making the device unstable. An attacker exploiting this flaw can disrupt the normal operation of the Tenda W20E router, potentially causing network outages or loss of connectivity.

Detection Guidance

This vulnerability can be detected by monitoring for crafted HTTP requests sent to the fromSetDhcpRules CGI endpoint on the Tenda W20E V15.11.0.6 router. Specifically, requests that include an excessively long bindMACAddr parameter (e.g., a string repeated 888 times) may trigger the buffer overflow.

To detect exploitation attempts, you can capture and analyze HTTP traffic targeting the router's web interface, looking for unusually long bindMACAddr parameters in requests to the setDhcpRules action.

Example command using tcpdump to capture HTTP requests to the router (replace <router_ip> with the router's IP address):

  • tcpdump -A -s 0 'tcp dst port 80 and host <router_ip>'

After capturing traffic, you can search for suspicious requests containing the bindMACAddr parameter with abnormally long values.

Mitigation Strategies

Immediate mitigation steps include restricting access to the router's web interface to trusted networks or IP addresses to prevent unauthorized HTTP requests.

Additionally, monitor the device for crashes or instability that may indicate exploitation attempts.

If available, update the router firmware to a version that addresses this vulnerability.

As a temporary workaround, consider disabling remote management features or the DHCP rules configuration interface if possible.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36819. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart