Severity: HIGH | CVE-2026-36816 | CNA: mitre

CVE-2026-36816: Shenzhen Tenda Technology Co

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Metrics

  • CVSS v3.1: 7.5
  • Severity: HIGH
  • Fixed in: (none listed)
  • Affected Products: 1

HarborGuard Analysis

Synopsis

A stack-based buffer overflow in the Tenda W15E router firmware (version 15.11.0.10) affects the formAddWewifiWhiteUser function, specifically the wewifiWhiteUserInfo parameter. An attacker can reach this vulnerability over the network without any authentication or user interaction by sending a crafted HTTP request to the device. Successful exploitation crashes the affected service, causing a denial of service. No fix version has been published; HarborGuard tracks the advisory for patch availability.

HarborGuard Coverage

Detection (Available)

Detection of CVE-2026-36816 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream feeds, including custom-built images that bundle this firmware or derived components.

Triage (Available)

Triage capability is available using the CVSS v3.1 score of 7.5 (HIGH), weighted against each customer environment's compliance policy, with findings routed to the appropriate team inbox within the customer org.

Patch (Pending upstream)

Because no upstream fix version has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment an upstream fix is released. In the meantime, advisory status updates are surfaced automatically in the findings view for affected images.

Exploit Conditions

  • Network reachability: Required

    The attacker must be able to reach the device's HTTP service over the network; no local or physical access is needed.

  • Authentication: Not required

    No credentials or session token are required; the crafted HTTP request can be sent by any unauthenticated caller.

  • Victim interaction: Not required

    No user action is needed; the attacker sends the malicious request directly to the service without involving any human victim.

  • Attack complexity: Detail

    Exploitation is reliable and condition-free, requiring no race conditions, memory-layout knowledge, or other environmental setup.

Blast Radius

  • Crashes the affected router service, taking the device offline and disrupting all network traffic routed through it.
  • All connected clients lose network access for the duration of the outage or until the device is manually rebooted.
  • Repeated exploitation can sustain an indefinite denial-of-service condition with no authentication barrier to slow an attacker down.

How HarborGuard Handles This

Available on HarborGuard: the CVE is matched against all scanned images on every pipeline run, so any image embedding this firmware version is flagged immediately. Because no upstream patch exists yet, the recommended near-term compensating controls include isolating the affected device behind a network policy that restricts HTTP management-interface access to trusted management subnets only, applying egress filtering to prevent the device from being leveraged further if compromised, and disabling the wewifiWhiteUser feature via its feature flag or equivalent configuration option if the deployment does not require it. HarborGuard re-checks the advisory on every ingest cycle; for customers with auto-remediation enabled, a patched-image rebuild, regression test run, and pull request against affected workloads will be triggered automatically the moment Tenda publishes a fix version.

Affected packages
  • n/a / n/a
    n/a
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H