CVE-2026-36815: Shenzhen Tenda Technology Co
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the hostname parameter of the formSetNetCheckTools function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Metrics
- CVSS v3.1
- 7.5
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
HarborGuard Analysis
Synopsis
A stack-based buffer overflow in the Tenda W15E router firmware (v15.11.0.10) affects the hostname parameter of the formSetNetCheckTools function. The flaw is reachable over the network without any authentication, and no victim interaction is required. Successful exploitation crashes the affected service, causing a denial of service. HarborGuard is tracking this advisory and will make a patched-image rebuild available as soon as an upstream fix is published.
HarborGuard Coverage
Detection for CVE-2026-36815 is available across every HarborGuard environment; the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images. Any image containing the affected Tenda W15E firmware component at v15.11.0.10 is flagged automatically in both registry scans and CI/CD pipeline checks.
AvailableHarborGuard surfaces this CVE with its CVSS v3.1 score of 7.5 (HIGH) and weights it against each customer environment's compliance policy to determine urgency and routing. Triage alerts are directed to the appropriate team inbox within each customer organization based on configured ownership rules.
AvailableBecause no fix version has been published upstream, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment an upstream fix is released. In the meantime, customers with auto-remediation enabled will receive a notification and compensating-control guidance as soon as a patch becomes available.
Pending upstreamExploit Conditions
- Network reachabilityRequired
The vulnerable formSetNetCheckTools function is exposed over the network, meaning an attacker must be able to send HTTP requests to the device's network interface.
- AuthenticationNot required
No credentials or session token are needed; the overflow can be triggered by any unauthenticated HTTP request with a crafted hostname parameter.
- Victim interactionNot required
The attacker does not need a user to click a link or perform any action; the exploit is delivered directly to the service.
- Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and requires no special preconditions, race conditions, or knowledge of memory layout.
Blast Radius
- Crashes the formSetNetCheckTools service process, causing a denial of service on the affected Tenda W15E device.
- Disrupts network management and diagnostic functions handled by the vulnerable process for the duration of the outage.
- If the device serves as a network gateway, a sustained crash loop could interrupt connectivity for all hosts routed through it.
How HarborGuard Handles This
Available on HarborGuard: this CVE is tracked continuously against customer image inventories at the HIGH severity tier. Because no upstream patch exists yet, HarborGuard re-evaluates the advisory on every ingest cycle. Customers are encouraged to apply compensating controls in the interim, such as network-policy rules that restrict HTTP management-plane access to trusted source IPs, egress filtering to limit lateral exposure, and feature-flag or firewall gating of the formSetNetCheckTools endpoint where the firmware permits. The moment an upstream fix is published, a patched-image rebuild will become available on HarborGuard; for customers with auto-remediation enabled, the rebuild, regression-test run, and a PR opened against affected workloads will follow automatically, with median time from CVE patch publication to merged PR running around 90 minutes for HIGH-severity issues.
- n/a / n/an/a
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H