CVE-2026-36820
Deferred Deferred - Pending Action
BaseFortify

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: MITRE

Description
Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-10
AI Q&A
2026-06-09
EPSS Evaluated
N/A
NVD
CVE-2026-36820
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
shenzhen_tenda_technology_co_ltd tenda_w20e 15.11.0.6
tenda w20e to 16.01.0.6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-36820 is a buffer overflow vulnerability found in the Tenda W20E router version 15.11.0.6. It occurs in the formAddWebAuthWhiteUser function, specifically when processing the webAuthWhiteUserInfo parameter from an HTTP request.

An attacker can send a specially crafted HTTP request with an excessively long webAuthWhiteUserInfo parameter, which causes the strncpy function to copy more data than the buffer can hold, leading to memory corruption.

This vulnerability can be exploited without authentication, making it easier for attackers to trigger the issue remotely.

Impact Analysis

Exploiting this vulnerability can cause a Denial of Service (DoS) condition on the affected device.

Specifically, the buffer overflow can crash the process handling the web request or make the router unstable, potentially disrupting network connectivity and services relying on the device.

Detection Guidance

This vulnerability can be detected by sending a crafted HTTP request to the Tenda W20E router targeting the formAddWebAuthWhiteUser function, specifically by manipulating the webAuthWhiteUserInfo parameter.

A detection command could involve using curl or a similar HTTP client to send a request with a long webAuthWhiteUserInfo parameter value to see if the device crashes or becomes unstable.

  • curl -X POST http://<router-ip>/path_to_endpoint -d "webAuthWhiteUserInfo=$(printf 'a%.0s' {1..888})$(printf '\n%.0s' {1..50})"

If the device crashes or the service becomes unresponsive after this request, it indicates the presence of the vulnerability.

Mitigation Strategies

Immediate mitigation steps include avoiding exposure of the vulnerable endpoint to untrusted networks since the vulnerable path is accessible without authentication.

Restrict access to the router's web interface to trusted IP addresses or internal networks only.

Monitor for unusual crashes or instability that may indicate exploitation attempts.

Update the router firmware to the latest version (e.g., V16.01.0.6) where this vulnerability is presumably fixed.

Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-36820 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36820. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart