CVE-2026-36821
Deferred Deferred - Pending Action
BaseFortify

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: MITRE

Description
Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-10
AI Q&A
2026-06-09
EPSS Evaluated
N/A
NVD
CVE-2026-36821
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
tenda tenda_w20e 15.11.0.6
tenda w20e 15.11.0.6
tenda w20e to 16.01.0.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The CVE-2026-36821 vulnerability affects the Tenda W20E router, specifically in the formCropAndSetWewifiPic function. This function improperly handles the picCropName parameter from HTTP requests, leading to a buffer overflow when this parameter is excessively long.

The vulnerability occurs because the code uses sprintf to copy the picCropName value into a buffer without proper length checks, which can cause memory corruption.

An attacker can exploit this by sending a crafted HTTP request with a very long picCropName value (e.g., 888 or more characters), causing the device to crash or become unstable.

Impact Analysis

This vulnerability can cause a Denial of Service (DoS) on the affected Tenda W20E router.

By sending a specially crafted HTTP request with an overly long picCropName parameter, an attacker can crash the router's process or cause device instability, potentially disrupting network connectivity.

Detection Guidance

This vulnerability can be detected by monitoring for HTTP requests sent to the Tenda W20E router that contain an excessively long picCropName parameter in the formCropAndSetWewifiPic function.

Specifically, an attacker sends a crafted HTTP request with a picCropName parameter value of 888 or more characters, which triggers the buffer overflow.

To detect potential exploitation attempts, you can capture and inspect HTTP traffic to the router for unusually long picCropName parameters.

  • Use a network packet capture tool like tcpdump or Wireshark to filter HTTP requests to the router's IP address.
  • Example tcpdump command to capture HTTP requests to the router (replace <router_ip> with the actual IP):
  • tcpdump -A -s 0 host <router_ip> and tcp port 80
  • Then, search the captured traffic for HTTP requests containing the parameter picCropName with a very long value (e.g., over 800 characters).
Mitigation Strategies

Immediate mitigation steps include updating the router firmware to a version that is not vulnerable, such as version V16.01.0.6 or later.

If an update is not immediately available, restrict access to the router's HTTP management interface to trusted networks or IP addresses to prevent exposure to crafted requests.

Additionally, monitor network traffic for suspicious HTTP requests with long picCropName parameters and block or alert on such traffic.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36821. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart