CVE-2026-36813: Tenda W15E Buffer Overflow DoS Vulnerability
A buffer overflow vulnerability has been discovered in Tenda W15E router firmware version 15.11.0.10. The flaw exists in how the device processes image cropping requests and can be exploited by sending a specially crafted HTTP request to cause the router to crash or stop responding. No authentication is required to trigger the vulnerability, meaning attackers on the network can exploit it without credentials.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Weaknesses (CWE)
- CWE-121
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-09 / 2026-06-17
NVD description (verbatim)
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
1 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-36813 is a stack-based buffer overflow (CWE-121) in the formCropAndSetWewifiPic function within Tenda W15E v15.11.0.10. The vulnerability stems from insufficient bounds checking on the picCropName parameter when processing HTTP requests. An attacker can craft a malicious HTTP request with an oversized picCropName value, overflowing the buffer and corrupting the stack, leading to process termination or unpredictable device behavior. The attack requires network access but no prior authentication or user interaction.
Business impact
This vulnerability enables network-level denial-of-service attacks against affected routers. An attacker can repeatedly crash the device or render it unresponsive, disrupting network availability for all users relying on the router. Organizations using Tenda W15E devices as network edge equipment could experience service interruptions. The impact is primarily availability-focused, with no direct data confidentiality or integrity compromise, but the operational disruption can affect business continuity depending on the deployment context.
Affected systems
Tenda W15E router running firmware version 15.11.0.10 is confirmed vulnerable. Verify against Tenda's advisory whether earlier or later firmware versions in the W15E line are affected. Administrators should check their deployed Tenda W15E devices and determine the current firmware version to assess exposure.
Exploitability
Exploitability is relatively straightforward. The vulnerability requires only network access and no authentication, reducing the barrier to attack. A crafted HTTP request can be generated with basic tools and sent to the router's web interface. The attack is reproducible and does not depend on user interaction or social engineering. However, exploitation is limited to network-adjacent or internally connected attackers; it is not exploitable from the Internet without prior network access or specific port forwarding configurations.
Remediation
Firmware updates are the primary remediation. Tenda has released or will release a patched firmware version addressing this buffer overflow. Verify against Tenda's official advisory for the specific patched firmware version applicable to the W15E. Organizations should apply the update promptly. Until patching is feasible, consider network segmentation to restrict HTTP access to the router's web interface, or temporarily disable remote management features if not operationally critical.
Patch guidance
Check Tenda's official support page and security advisories for the W15E product line to identify the patched firmware version. Download the firmware directly from Tenda's servers (verify authenticity through GPG signatures if available) and apply it via the router's web administration panel or TFTP recovery method, depending on the device's update mechanism. Test the update in a non-production environment first to confirm functionality. Verify successful patching by confirming the new firmware version is running post-reboot.
Detection guidance
Monitor HTTP requests to the router's web interface for abnormally large or malformed picCropName parameters. Implement network intrusion detection rules targeting oversized payloads in crop-related endpoints. Check router logs for repeated process crashes or resets correlating with HTTP requests. Organizations with centralized logging should correlate router restarts or service unavailability with inbound HTTP traffic patterns. Passive asset discovery tools can help identify all Tenda W15E devices on the network and their firmware versions for rapid inventory assessment.
Why prioritize this
A HIGH severity rating (CVSS 7.5) reflects a denial-of-service vector affecting availability with no authentication barrier and low attack complexity. While data confidentiality and integrity are not compromised, the ability to remotely crash network infrastructure without credentials warrants prompt patching. Organizations relying on the W15E for critical network access should prioritize this update to prevent operational disruptions.
Risk score, explained
The CVSS 3.1 score of 7.5 (HIGH) accounts for network accessibility (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on availability (A:H). The absence of confidentiality or integrity impact (C:N, I:N) limits the score from critical to high. The score reflects a serious but contained threat: attackers can disrupt service availability remotely, but cannot steal data or execute arbitrary code.
Frequently asked questions
Can this vulnerability be exploited from the Internet?
Only if the router's web interface is exposed to the Internet through port forwarding or if the attacker has network access to the local network segment where the router resides. By default, the web interface is accessible only to devices on the same network.
What versions of Tenda W15E are affected?
Version 15.11.0.10 is confirmed vulnerable. Verify against Tenda's advisory whether earlier versions or the current version are affected. Not all W15E devices may be running the vulnerable version if they have been previously updated.
Will patching this vulnerability impact router functionality or performance?
Patching should address only the buffer overflow without affecting normal router operations. However, test any firmware update in a controlled environment first to confirm compatibility with your network configuration.
How long does it take to apply the patch?
Firmware updates typically take 5–15 minutes to download and install, with a device reboot required. Plan the update during a maintenance window to minimize user impact.
This analysis is based on publicly disclosed vulnerability information current as of the publication date. CVSS scores and vulnerability details are provided for reference and may be updated by vendors or authoritative sources. Patch version numbers and release dates should be verified against official vendor advisories before deployment. Organizations are responsible for independently validating patches in their own environments before production rollout. This content is for informational purposes and does not constitute professional security advice; consult with your security team or a vendor representative for guidance specific to your infrastructure. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2018-25383HIGHFree MP3 CD Ripper 2.8 Stack Overflow – ROP and DEP Bypass Risk
- CVE-2025-52292HIGHGPAC MP4Box Stack Buffer Overflow Denial of Service
- CVE-2025-66280HIGHQNAP Integer Overflow Vulnerability: Patch & Risk Assessment
- CVE-2026-10062HIGHTRENDnet TEW-432BRP Stack Overflow – EOL Hardware Risk
- CVE-2026-10063HIGHTRENDnet TEW-432BRP Stack Overflow – End-of-Life Router Vulnerability
- CVE-2026-10065HIGHShibby Tomato 1.28 Stack Buffer Overflow in tomatodata.cgi
- CVE-2026-10066HIGHShibby Tomato Stack Buffer Overflow in UPS Service (RCE)
- CVE-2026-10067HIGHShibby Tomato 1.28 Stack Buffer Overflow in multimon.cgi