CVE-2026-36808: Shenzhen Tenda Technology Co
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Metrics
- CVSS v3.1: 7.5
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
A stack-based buffer overflow in Tenda W15E firmware v15.11.0.10 allows an unauthenticated remote attacker to crash the device by sending a crafted HTTP request to the formAddWebAuthUser function via the webAuthUserInfo parameter. No authentication or victim interaction is needed; the attacker only needs network access to the device's web interface. Successful exploitation causes a Denial of Service, taking the affected gateway offline. No fix version has been published; HarborGuard tracks the advisory for patch availability.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images and firmware-derived containers in connected registries and CI/CD pipelines, including custom-built images that embed Tenda W15E firmware components.
Status: Available
HarborGuard scores this CVE at CVSS 7.5 HIGH and is capable of weighting that score against each customer's per-environment compliance policy to surface the finding to the appropriate team inbox, prioritizing it alongside other network-exploitable, no-auth vulnerabilities.
Status: Available
Because no upstream fix version has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment a fix is released by the vendor. Customers with auto-remediation enabled will receive the rebuild, regression-test run, and a PR opened against affected workloads as soon as the upstream patch is ingested.
Status: Pending upstream
Exploit Conditions
- Network reachability: Required
  The attacker must reach the device's HTTP service over the network; the vulnerable endpoint is exposed via the web management interface.
- Authentication: Not required
  No credentials are needed; the formAddWebAuthUser endpoint accepts unauthenticated requests.
- Victim interaction: Not required
  Exploitation is fully remote; no user on the target device needs to take any action.
- Attack complexity: Detail
  Attack complexity is low, meaning the exploit is reliable and requires no special conditions, race timing, or knowledge of memory layout.
Blast Radius
- The affected service crashes, taking the Tenda W15E gateway offline and severing network connectivity for all users routed through it.
- No confidentiality or integrity impact is present; the sole effect is availability loss on the targeted device.
- Repeated exploitation can prevent the device from recovering, prolonging the outage until the device is manually power-cycled or reset.
How HarborGuard Handles This
Available on HarborGuard: this CVE is matched against images in customer registries and pipelines as soon as it is ingested from upstream feeds. Because no vendor patch exists yet, HarborGuard monitors the advisory on every ingest cycle and will automatically trigger a patched-image rebuild the moment an upstream fix is published. In the meantime, compensating controls worth considering include network-policy rules that restrict access to the device's HTTP management interface to trusted subnets only, egress filtering to limit lateral movement if the device is compromised, and disabling the web authentication user-management endpoint where operationally feasible. For customers who opt into auto-remediation, the rebuild, regression-test run, and PR flow against affected workloads will activate as soon as a fix version is available.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H