CVE-2026-36823: Shenzhen Tenda Technology Co
Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Metrics
- CVSS v3.1: 7.5
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
A stack-based buffer overflow affects the Tenda W20E router (firmware v15.11.0.6), specifically in the webAuthUserInfo parameter of the formAddWebAuthUser function. The vulnerability is reachable over the network with no authentication required, making it accessible to any attacker who can send HTTP requests to the device. Successful exploitation crashes the affected service, causing a denial of service. No fix version has been published; HarborGuard tracks this advisory and will surface a patched rebuild as soon as upstream ships one.
HarborGuard Coverage
- Detection (Available): Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images in registries and pipelines, including custom-built images that bundle this firmware or derived components.
- Prioritization (Available): HarborGuard scores this finding at CVSS 7.5 (HIGH) and applies per-environment compliance policy weighting to prioritize the alert before routing it to the appropriate team inbox within each customer organization.
- Patched rebuild (Pending upstream): Because no upstream fix version has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment a fix is released. In the meantime, customers can review compensating controls such as network-policy isolation to restrict HTTP access to the device management interface.
Exploit Conditions
- Network reachability: Required
The vulnerable HTTP endpoint is exposed over the network, so an attacker must be able to send HTTP requests to the device to trigger the overflow.
- Authentication: Not required
No credentials are needed; the vulnerable parameter is processed before any authentication check.
- Victim interaction: Not required
The attacker sends a crafted HTTP request directly to the device; no user action on the victim side is involved.
- Attack complexity: Low
Exploitation is reliable and condition-free: the attacker only needs to craft an oversized value for the webAuthUserInfo parameter.
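The root cause class described above is a request parameter copied into a fixed-size stack buffer without a bound. The following is an added, constructed example (not Tenda's firmware code and not HarborGuard's) showing the shape of a handler that avoids the bug: it looks up webAuthUserInfo in a form-encoded body, checks the value length against the buffer before copying, and rejects oversized input instead of silently truncating it. The 64-byte buffer size, the form_param helper, the return codes and the check_with_value_length harness are all assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed buffer size for the parameter (an assumption). */
#define WEBAUTH_USERINFO_MAX 64

/* Handler return codes (constructed for this example). */
enum { WEBAUTH_OK = 0, WEBAUTH_ERR_MISSING = 1, WEBAUTH_ERR_TOO_LONG = 2 };

/* Minimal lookup of key in an application/x-www-form-urlencoded body.
   Returns a pointer to the start of the value and sets *len to its length,
   or NULL if the key is absent. No percent-decoding is done; this is a
   constructed illustration, not a full parser. */
static const char *form_param(const char *body, const char *key, size_t *len)
{
    size_t klen = strlen(key);
    const char *p = body;
    while (p && *p) {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *v = p + klen + 1;
            const char *end = strchr(v, '&');
            *len = end ? (size_t)(end - v) : strlen(v);
            return v;
        }
        p = strchr(p, '&');   /* advance to the next key=value pair */
        if (p) p++;
    }
    return NULL;
}

/* Hardened handler: the parameter length is validated before anything is
   written to the stack buffer. An unbounded strcpy/sprintf of the raw
   parameter into user_info is the bug class this advisory describes. */
int handle_add_web_auth_user(const char *body)
{
    char user_info[WEBAUTH_USERINFO_MAX];
    size_t len;
    const char *val = form_param(body, "webAuthUserInfo", &len);
    if (!val)
        return WEBAUTH_ERR_MISSING;
    if (len >= sizeof user_info)      /* leave room for the terminator */
        return WEBAUTH_ERR_TOO_LONG;  /* reject; do not truncate silently */
    memcpy(user_info, val, len);
    user_info[len] = '\0';
    /* ... the device-specific processing of user_info would go here ... */
    return WEBAUTH_OK;
}

/* Test harness: builds a constructed body whose webAuthUserInfo value is
   n bytes long and returns the handler's verdict. */
int check_with_value_length(size_t n)
{
    const char prefix[] = "name=alice&webAuthUserInfo=";
    size_t plen = sizeof prefix - 1;
    char *body = malloc(plen + n + 1);
    if (!body)
        return -1;
    memcpy(body, prefix, plen);
    memset(body + plen, 'A', n);
    body[plen + n] = '\0';
    int rc = handle_add_web_auth_user(body);
    free(body);
    return rc;
}

int main(void)
{
    printf("63-byte value  -> %d\n", check_with_value_length(63));
    printf("200-byte value -> %d\n", check_with_value_length(200));
    printf("missing param  -> %d\n", handle_add_web_auth_user("name=alice"));
    return 0;
}
```

The check is deliberately `len >= sizeof user_info` rather than `>`, because the terminating NUL also needs a slot; off-by-one errors at exactly the buffer size are a common way this class of check is itself written wrong.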
Blast Radius
- Crashes the affected Tenda W20E service, taking the web management interface offline.
- Disrupts routing or authentication functions dependent on the crashed process, cutting off legitimate administrative access.
- Persistent or repeated requests can keep the device in a denial-of-service state until it is manually rebooted.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-36823 is active and matches any customer image that includes the affected Tenda W20E firmware component. Because no upstream patch exists yet, HarborGuard monitors the advisory on every ingest cycle and will automatically make a patched-image rebuild available the moment a fix version is published. For customers with auto-remediation enabled, that rebuild will trigger a regression test run and open a PR against affected workloads without manual intervention. While waiting for an upstream fix, customers are encouraged to apply compensating controls such as restricting network access to the device HTTP management interface via network policy, filtering ingress to trusted source addresses only, and disabling the web authentication user management endpoint if the feature is not actively in use.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H