CVE-2026-36803: Shenzhen Tenda Technology Co
Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the qossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Metrics
- CVSS v3.1: 7.5
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
A stack-based buffer overflow in the Tenda PW201A wireless access point (firmware v1.0.5) allows an unauthenticated remote attacker to crash the device by sending a crafted HTTP request to the qossetting function with an oversized page parameter. No authentication or user interaction is required. Successful exploitation crashes the affected device, causing a denial of service. HarborGuard tracks this advisory and will surface a patched-image rebuild the moment an upstream fix is published.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built images that bundle affected Tenda PW201A firmware. Any image carrying the vulnerable firmware version is flagged automatically.
Status: Available
HarborGuard scores this finding at CVSS 7.5 (HIGH) and weights it against each customer environment's compliance policy, routing alerts to the appropriate team inbox based on asset criticality and policy thresholds.
Status: Available
No fix version has been published upstream. HarborGuard re-evaluates the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment the vendor ships a fix. Where compensating controls apply, customers can gate exposure through network-policy isolation at the image level today.
Status: Pending upstream
Exploit Conditions
- Network reachability: Required
  The attacker must be able to reach the device's HTTP service over the network; no local or physical access is needed.
- Authentication: Not required
  No credentials are required; the malicious HTTP request can be sent by any unauthenticated party that can reach the service.
- Victim interaction: Not required
  The device processes the crafted request autonomously; no user needs to click a link or take any action.
- Attack complexity: Detail
  Exploitation is reliable and condition-free; the attacker simply sends a single crafted HTTP request with an oversized page parameter.
Blast Radius
- Crashes the QoS-setting HTTP handler on the Tenda PW201A, taking the device management interface offline.
- Disrupts network traffic management functions controlled by the affected firmware, potentially dropping connectivity for downstream clients.
- Repeated exploitation keeps the device in a crash or reboot loop, causing sustained denial of service without any recovery window.
How HarborGuard Handles This
Available on HarborGuard: this CVE is matched against all customer images that bundle Tenda PW201A firmware v1.0.5 within minutes of publication. Because no vendor fix exists yet, HarborGuard monitors the advisory on every ingest cycle and will make a patched-image rebuild available automatically once upstream publishes a fix. In the meantime, customers can apply compensating controls through HarborGuard's network-policy isolation recommendations, which limit HTTP access to the device's management interface to trusted subnets only, reducing the attack surface until a patch is available. For customers who opt into auto-remediation, the rebuild, regression-test run, and PR against affected workloads will trigger automatically as soon as the fix version is published.
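A detection check for the condition described above, added here as an example (it is not HarborGuard or Tenda code): it flags logged requests to the qossetting handler whose page value is oversized or that come from outside a trusted management subnet. The log layout, the `/qossetting` path, the 32-character threshold and the 192.0.2.0/24 subnet are assumptions.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Assumptions, not taken from the advisory: threshold, subnet, path, log layout.
MAX_PAGE_LEN = 32
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample log: "<client-ip> <method> <request-target> [<form-body>]"
SAMPLE_LOG = [
    "192.0.2.10 GET /qossetting?page=1",
    "203.0.113.7 GET /qossetting?page=2",
    "192.0.2.10 POST /qossetting page=" + "A" * 300,
    "203.0.113.7 GET /qossetting?page=1&page=" + "%41" * 100,
    "203.0.113.7 GET /index.html",
]

def inspect(line):
    """Return the findings for one log line; an empty list means clean."""
    parts = line.split(" ", 3)
    if len(parts) < 3:
        return ["unparseable"]
    client, target = parts[0], urlsplit(parts[2])
    body = parts[3] if len(parts) == 4 else ""
    if "qossetting" not in target.path.lower():
        return []
    findings = []
    try:
        ip = ipaddress.ip_address(client)
        trusted = any(ip in net for net in TRUSTED_NETS)
    except ValueError:
        trusted = False
    if not trusted:
        findings.append("untrusted-source")
    # parse_qs percent-decodes values and keeps every repeated `page` key,
    # so a short first value cannot hide a long second one.
    values = parse_qs(target.query, keep_blank_values=True).get("page", [])
    values += parse_qs(body, keep_blank_values=True).get("page", [])
    longest = max((len(v) for v in values), default=0)
    if longest > MAX_PAGE_LEN:
        findings.append(f"oversized-page:{longest}")
    return findings

def scan(lines):
    """Return (1-based line number, findings) for every flagged line."""
    hits = [(n, inspect(line)) for n, line in enumerate(lines, 1)]
    return [(n, f) for n, f in hits if f]

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE_LOG):
        print(lineno, ", ".join(findings))
```

Lengths are measured after percent-decoding, on the assumption that the handler sees the decoded value.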
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H