CVE-2026-36810: Tenda W15E Buffer Overflow DoS Vulnerability
A buffer overflow vulnerability exists in Tenda W15E router firmware version 15.11.0.10 within a web parameter called gotoUrl. An attacker can send a specially crafted web request to crash the router, causing a temporary outage. No authentication is required, and the attacker does not need to interact with the device owner. The vulnerability affects the device's availability but does not expose data or allow unauthorized access.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Weaknesses (CWE)
- CWE-120
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-09 / 2026-06-17
NVD description (verbatim)
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the gotoUrl parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
1 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-36810 is a classic stack-based buffer overflow (CWE-120) in the formPortalAuth function of Tenda W15E firmware v15.11.0.10. The gotoUrl HTTP parameter lacks proper bounds checking, allowing an attacker to overflow the allocated buffer with crafted input. This memory corruption causes immediate denial of service when the malformed request is processed. The CVSS 3.1 vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) reflects network-accessible exploitation with no prerequisites, resulting in high impact to availability.
Business impact
Router availability directly affects business continuity for organizations relying on Tenda W15E devices for network access. A DoS attack renders the device unresponsive, severing internet connectivity until manual intervention restores the router. For small offices, remote locations, or backup network segments using this hardware, such outages can halt operations, interrupt cloud service access, and disrupt employee productivity. The low barrier to exploitation—requiring only an HTTP request and no authentication—makes this a practical denial-of-service vector against organizations unable to quickly replace affected devices.
Affected systems
Tenda W15E router running firmware version 15.11.0.10 is confirmed vulnerable. Organizations should verify their device firmware version via the router's web interface or management console. Tenda firmware versions are typically displayed under System Settings or Device Information. The vulnerability may affect earlier or concurrent firmware branches; verify against Tenda's official advisory for a complete list of impacted versions and device SKUs.
Exploitability
The vulnerability is highly exploitable in real-world conditions. No authentication, no user interaction, and no special network position is required—an attacker on the internet can trigger the crash with a single HTTP request. Crafting the malicious gotoUrl payload requires understanding buffer offset calculations, but this is straightforward for competent attackers. The attack succeeds reliably and can be automated for mass scanning or targeted campaigns. However, the impact is limited to temporary unavailability; the router recovers after rebooting.
Remediation
Immediately identify and inventory all Tenda W15E devices in your network. Contact Tenda support or check their official website for a firmware update that patches the buffer overflow in formPortalAuth. If a patch is available, schedule a maintenance window to upgrade affected routers. Prioritize devices that are internet-facing, serve critical functions, or lack redundant connectivity. Until patching is complete, implement compensating controls: restrict HTTP access to the router's web interface using a firewall, enable IP whitelisting on the device if available, or isolate the router behind an authenticated gateway.
Patch guidance
Consult Tenda's official security advisory and product support portal for the patched firmware version number and release date. Download firmware directly from Tenda's website and follow their documented update procedure for the W15E model. Do not use third-party repositories. If no patch is currently available, subscribe to Tenda's security notifications to be alerted when one is released. Document the firmware version before and after patching for compliance tracking. Test the update in a non-production environment if possible before deploying across your organization.
Detection guidance
Monitor network traffic to Tenda W15E devices for HTTP requests with abnormally long or malformed gotoUrl parameter values. Web application firewalls (WAF) and intrusion detection systems (IDS) should be configured to alert on oversized query parameters sent to web interfaces on router ports (typically 80, 443, or 8080). Enable verbose logging on the router if available; buffer overflow attempts may be recorded in access logs or system logs with anomalous request patterns. Correlate alerts with router uptime; unexpected reboots or service restarts on W15E devices warrant investigation. Network segmentation that isolates router management interfaces from untrusted sources will reduce exposure.
Why prioritize this
This vulnerability merits immediate action despite being non-exploitative for data theft. The CVSS 7.5 HIGH score reflects the ease of exploitation and lack of prerequisites—any internet-connected attacker can trigger DoS at will. The simplicity of the attack payload and the prevalence of Tenda W15E devices in SMB and branch office deployments create a broad target surface. While individual outages are temporary, repeated or coordinated attacks can disrupt business operations and damage organizational reputation. Prioritize patching based on device criticality: internet-facing routers and those without redundancy should be updated first.
Risk score, explained
The CVSS 3.1 score of 7.5 (HIGH) is driven by a network vector (AV:N), low attack complexity (AC:L), no privilege or user interaction required (PR:N, UI:N), and significant impact to availability (A:H). The vector yields no confidentiality or integrity impact (C:N, I:N), which prevents an even higher score. In practical terms, this scores as HIGH because any remote attacker can reliably crash the device; however, it does not escalate to CRITICAL because the impact is limited to availability and recovery is automatic upon reboot.
Frequently asked questions
Does this vulnerability expose my network data or router credentials?
No. The buffer overflow causes denial of service only—the device crashes but does not leak data, expose credentials, or provide the attacker with unauthorized access. The vulnerability is in the availability dimension only, not confidentiality or integrity.
Can the attacker maintain control of the router after the crash?
No. The buffer overflow triggers an immediate crash (segmentation fault or memory corruption), which forces the router to reboot. There is no persistent code execution or shell access as a result of this vulnerability. After reboot, the router returns to its normal state.
Will a firewall or network IDS protect me until I patch?
Partially. If you restrict HTTP access to the router's web interface via a firewall or WAF, the attack surface shrinks significantly. However, the best protection is firmware patching. Use access controls as a temporary measure while you schedule and execute the firmware update.
Is my router automatically patched by Tenda?
No. Firmware updates are not automatic on most Tenda devices. You must manually download the patched firmware from Tenda and apply it via the router's web interface or management tool. Check Tenda's official advisory to verify patch availability and procedures for your specific W15E model variant.
This analysis is based on the published CVE record as of June 2026 and reflects the vulnerability details available at that time. Tenda firmware versions, patch releases, and product availability may vary by region and distributor. Organizations should verify affected device inventory against their own hardware records and cross-reference patch availability directly with Tenda's official security advisories and support channels. This vulnerability analysis does not constitute a substitute for the vendor's authoritative guidance. SEC.co does not provide legal liability for decisions made based on this intelligence; consult your security and legal teams before taking remediation action. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2018-25426HIGHWinMTR 0.91 Denial-of-Service Buffer Overflow Vulnerability
- CVE-2018-25432HIGHArm Whois 3.11 Buffer Overflow Allows Local Code Execution
- CVE-2019-25733HIGHNetShareWatcher 1.5.8.0 SEH Buffer Overflow – Local Code Execution
- CVE-2019-25735HIGHAllPlayer 7.4 Buffer Overflow in URL Handling – Local Code Execution Risk
- CVE-2019-25736HIGHLabF nfsAxe 3.7 Buffer Overflow – Local Code Execution
- CVE-2026-10126HIGHEdimax BR-6478AC Buffer Overflow Remote Code Execution
- CVE-2026-10163HIGHEdimax BR-6478AC Buffer Overflow in USB Account Handler
- CVE-2026-10164HIGHEdimax BR-6478AC Buffer Overflow Remote Code Execution