W15E
by Tenda
CVEs (26)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-36808 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||
| CVE-2026-36807 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||
| CVE-2026-36806 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||
| CVE-2017-14515 | Hig | 0.49 | 7.5 | 0.01 | Sep 17, 2017 | Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors. | ||
| CVE-2017-14514 | Hig | 0.49 | 7.5 | 0.02 | Sep 17, 2017 | Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. | ||
| CVE-2026-30140 | 0.00 | — | 0.00 | Mar 9, 2026 | An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive… |
- risk 0.49cvss 7.5epss 0.00
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
- risk 0.49cvss 7.5epss 0.00
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
- risk 0.49cvss 7.5epss 0.00
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
- risk 0.49cvss 7.5epss 0.01
Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors.
- risk 0.49cvss 7.5epss 0.02
Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL.
- CVE-2026-30140Mar 9, 2026risk 0.00cvss —epss 0.00
An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive…
Page 2 of 2