HIGH | CVE-2026-36810 | Published | Modified | CNA mitre

CVE-2026-36810: Shenzhen Tenda Technology Co

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the gotoUrl parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Metrics

CVSS v3.1: 7.5
Severity: HIGH
Fixed in:
Affected Products: 1


HarborGuard Analysis

Synopsis

A stack-based buffer overflow in the Tenda W15E router firmware (v15.11.0.10) affects the gotoUrl parameter of the formPortalAuth function. The vulnerability is reachable over the network without any authentication, making it exploitable by any remote attacker who can send HTTP requests to the device. Successful exploitation crashes the affected service, causing a denial of service. No fix version has been published; HarborGuard tracks the upstream advisory and will make a patched rebuild available as soon as one is released.

HarborGuard Coverage

Detection

Detection for CVE-2026-36810 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream advisory feeds, including custom-built images that bundle Tenda W15E firmware components.

Status: Available

Triage

HarborGuard is capable of scoring this CVE at CVSS 7.5 (HIGH) and weighting it against each customer environment's compliance policy, then routing alerts to the appropriate team inbox within the affected organization.

Status: Available

Patch

Because no upstream fix version has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment the upstream vendor ships a corrected firmware version. Customers with auto-remediation enabled will receive a rebuild, regression test run, and a PR opened against affected workloads as soon as that fix lands.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The vulnerable formPortalAuth endpoint is exposed over the network, so an attacker must be able to send HTTP requests to the device's network interface to trigger the overflow.

  • Authentication: Not required

    No credentials or prior account access are needed; the affected parameter is reachable through unauthenticated HTTP requests.

  • Victim interaction: Not required

    The attacker triggers the vulnerability entirely through their own crafted request and does not need any action from a user or administrator on the target device.

  • Attack complexity: Detail

    The exploit is reliable and condition-free, requiring no timing constraints, memory-layout knowledge, or special environmental setup beyond network access to the device.

Blast Radius

  • Crashes the formPortalAuth service process on the affected Tenda W15E device, making portal authentication unavailable.
  • Sustained or repeated exploitation causes persistent denial of service, blocking all users from authenticating through the captive portal.
  • No confidentiality or data-integrity impact is associated with this vulnerability based on the CVSS vector (C:N/I:N).

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix currently exists, HarborGuard continuously monitors the advisory on every ingest cycle and will surface a patched-image rebuild the moment Tenda publishes a corrected firmware version. In the interim, customers can apply compensating controls through HarborGuard's policy engine, such as network-policy isolation that restricts inbound HTTP access to the W15E management interface, egress filtering to limit lateral reachability, or feature-flag gating to disable portal authentication exposure where it is not required. For customers with auto-remediation enabled, a rebuild plus regression test run and PR against affected workloads will be triggered automatically once the upstream fix is available.


Affected packages
  • n/a / n/a
    n/a
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H