HIGH | CVE-2026-36817 | CNA: mitre

CVE-2026-36817: Shenzhen Tenda Technology Co

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Metrics

  • CVSS v3.1: 7.5
  • Severity: HIGH
  • Fixed in:
  • Affected Products: 1


HarborGuard Analysis

Synopsis

A buffer overflow vulnerability affects the Tenda W15E router (firmware v15.11.0.10), specifically in the formAddWebAuthWhiteUser function's handling of the webAuthWhiteUserInfo parameter. The flaw is reachable over the network with no authentication required and no user interaction needed. Successful exploitation crashes the affected device, causing a denial of service. No fix has been published yet; HarborGuard tracks this advisory and will surface a patched-image rebuild as soon as upstream ships a fix.

HarborGuard Coverage

Detection

Detection for CVE-2026-36817 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream advisory feeds, including custom-built images that embed affected Tenda W15E firmware components.

Status: Available

Triage

HarborGuard is capable of scoring this CVE at 7.5 HIGH using the CVSS v3.1 vector, weighted further by each customer's per-environment compliance policy, and routing resulting findings to the appropriate team inbox within the customer org.

Status: Available

Patch

Because no fix version has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. Customers with auto-remediation enabled will receive the rebuild, a regression-test run, and a PR opened against affected workloads as soon as that fix lands.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The vulnerable function is exposed over the network, meaning an attacker must be able to send HTTP requests to the device's web interface to trigger the overflow.

  • Authentication: Not required

    No credentials or session token are needed; the overflow can be triggered by an unauthenticated HTTP request.

  • Victim interaction: Not required

    No user action on the target device is required; the attacker sends a crafted request directly and the crash occurs without any victim involvement.

  • Attack complexity: Low

    Attack complexity is low, meaning the exploit is reliable and requires no special preconditions such as race conditions or specific memory layout.

Blast Radius

  • Crashes the Tenda W15E router process handling web authentication, taking the device's management interface offline.
  • Disrupts network connectivity for all clients depending on the affected device, as a router crash can interrupt routing and gateway functions.
  • Repeated exploitation can keep the device in a crash-restart loop, making recovery difficult without physical access or manual intervention.

How HarborGuard Handles This

Available on HarborGuard: detection for this CVE is matched against images in customer registries and build pipelines within minutes of advisory ingestion. Because no upstream fix exists at this time, HarborGuard monitors the advisory on every ingest cycle and will trigger a patched-image rebuild automatically once a fix version is published. For customers with auto-remediation enabled, that will include a regression-test run and a PR opened against affected workloads. In the meantime, compensating controls worth considering include network-policy isolation that restricts access to the device's web management interface to trusted subnets only, egress filtering to limit blast radius if the device is compromised, and disabling the webAuthWhiteUser feature endpoint via a configuration flag if the firmware supports it.

Affected packages
  • n/a / n/a
    n/a
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References