CVE-2026-36822: Shenzhen Tenda Technology Co
Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the macAddr parameter of the formDelStaState function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Metrics
- CVSS v3.1
- 7.5
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
HarborGuard Analysis
Synopsis
A stack-based buffer overflow in the Tenda W20E router firmware (version 15.11.0.6) allows an unauthenticated attacker to crash the device by sending a crafted HTTP request with an oversized macAddr parameter to the formDelStaState function. The vulnerability is reachable over the network with no login or special privileges required. Successful exploitation causes a Denial of Service, taking the affected device offline. No fix version has been published; HarborGuard tracks the advisory for patch availability.
HarborGuard Coverage
Detection is available across every HarborGuard environment. The CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built firmware or application images that bundle affected Tenda W20E components.
AvailableHarborGuard scores this CVE at 7.5 HIGH using the published CVSS v3.1 vector and can weight findings against each customer organization's compliance policy to route alerts to the appropriate team inbox.
AvailableBecause no upstream fix version has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment an upstream fix is released. In the meantime, customers can review compensating-control recommendations surfaced in the triage detail panel.
Pending upstreamExploit Conditions
- Network reachabilityRequired
The vulnerable HTTP endpoint is exposed over the network, so an attacker must be able to reach the device's web interface to deliver the crafted request.
- AuthenticationNot required
No credentials or account of any privilege level are needed; the formDelStaState endpoint accepts unauthenticated requests.
- Victim interactionNot required
The attacker sends a single crafted HTTP request directly to the device; no user action or social engineering is involved.
- Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and requires no specific race condition, memory layout knowledge, or environmental precondition.
Blast Radius
- Crashes the affected Tenda W20E device, causing a complete loss of network availability for all clients depending on it.
- Disrupts any services or workflows routed through the device for the duration of the outage.
- Repeated exploitation can sustain a persistent denial-of-service condition with no authentication barrier to slow the attacker.
How HarborGuard Handles This
Available on HarborGuard: because no patched firmware version has been published for this buffer overflow, the platform monitors the upstream advisory on every ingest cycle and will surface a patched-image rebuild automatically once Tenda or a downstream maintainer ships a fix. Where compliance policy permits, customers with auto-remediation enabled will receive a rebuild, regression-test run, and a pull request opened against affected workloads as soon as a fix version becomes available. While no patch exists, HarborGuard surfaces compensating-control recommendations in the triage panel, including network-policy isolation to restrict access to the device management interface, egress filtering to limit blast radius if the device is compromised, and feature-flag or firewall gating to block unauthenticated HTTP access to the affected endpoint from untrusted network segments.
- n/a / n/an/a
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H