CVE-2026-36813

Vulnerability

A buffer overflow vulnerability exists in the formCropAndSetWewifiPic function of Shenzhen Tenda Technology Co., Ltd Tenda W15E firmware version v15.11.0.10 [1]. The vulnerability is triggered when the picCropName parameter, retrieved via websGetVar, is used in a sprintf call to construct a filename, leading to an overflow if the parameter is excessively long [1]. The vulnerable path is directly reachable.

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP request to the formCropAndSetWewifiPic CGI endpoint. The request must include a picCropName parameter with a value significantly longer than expected, for example, a string of 888 or more characters [1]. No specific authentication or network position is mentioned as required beyond the ability to send HTTP requests to the device.

Impact

Successful exploitation of this vulnerability can lead to a Denial of Service (DoS) condition. This may manifest as a process crash or general device instability, rendering the device inoperable for legitimate users [1].

Mitigation

No patched version or specific mitigation details are available in the provided references. The vulnerability was publicly disclosed on 2026-06-06 [1].