CVE-2026-36819: Shenzhen Tenda Technology Co
Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Metrics
- CVSS v3.1
- 7.5
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
HarborGuard Analysis
Synopsis
A stack-based buffer overflow exists in the Tenda W20E router firmware (v15.11.0.6) affecting the bindMACAddr parameter inside the fromSetDhcpRules function. The flaw is reachable over the network without any authentication, meaning any attacker who can send an HTTP request to the device can trigger it. Successful exploitation crashes the affected service, causing a denial of service. HarborGuard is tracking this advisory and will make a patched-image rebuild available as soon as an upstream fix is published.
HarborGuard Coverage
Detection of CVE-2026-36819 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle Tenda W20E firmware or related components. Any image containing the affected version is flagged automatically in both registry scans and CI/CD pipeline checks.
AvailableHarborGuard is capable of scoring this CVE at CVSS 7.5 HIGH and weighting it against each customer environment's compliance policy to determine urgency. Triage routing is available to direct the finding to the appropriate team inbox within each customer organization.
AvailableBecause no upstream fix has been published for this CVE, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment the vendor ships a corrected firmware version. In the meantime, customers can use HarborGuard's compensating-control recommendations to manage exposure in affected environments.
Pending upstreamExploit Conditions
- Network reachabilityRequired
The vulnerable function is exposed over the network; an attacker must be able to send an HTTP request to the device to trigger the overflow.
- AuthenticationNot required
No credentials are needed; the crafted HTTP request can be sent by any unauthenticated party who can reach the device.
- Victim interactionNot required
No user action is needed on the target device; the attacker sends the request directly and triggers the crash.
- Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and requires no special timing, race conditions, or knowledge of memory layout.
Blast Radius
- Crashes the affected service on the Tenda W20E device, making it unresponsive to legitimate traffic.
- Causes a sustained denial of service condition, cutting off network connectivity for any clients depending on the device.
How HarborGuard Handles This
Available on HarborGuard: this CVE is monitored continuously across every ingest cycle because no vendor fix currently exists. For environments running container images that incorporate Tenda W20E firmware at v15.11.0.6, HarborGuard surfaces the finding immediately upon scan and can apply compliance-policy weighting to escalate it based on the network-exposed, no-auth nature of the bug. As a compensating control while awaiting an upstream patch, customers can use HarborGuard's network-policy isolation recommendations to restrict HTTP management-interface access to trusted subnets only, and egress filtering rules can be applied to limit blast radius. The moment the vendor publishes a patched firmware version, a rebuilt image at that fix version becomes available, and customers with auto-remediation enabled receive an automated rebuild, regression-test run, and a PR opened against affected workloads.
- n/a / n/an/a
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H