CVE-2026-24110 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: March 3, 2026
Tenda W20E - Buffer Overflow
Overview
Tenda W20E V4.0br_V15.11.0.6 contains a buffer overflow in the `addDhcpRule` function: `addDhcpRules` data is processed by `sscanf` without size validation, so a remote attacker who sends crafted input can cause memory corruption.
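A bounded version of this kind of parse, as an added example (not Tenda's code and not from the original page), using the same format-string shape as the one quoted in the posts on this page. The buffer sizes, the struct, the field names and the function name `parse_dhcp_rule` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed sizes: the page does not give the firmware's real buffer sizes. */
#define FIELD_A_SIZE 32
#define FIELD_B_SIZE 64

struct dhcp_rule {                 /* hypothetical container for one rule */
    int  index;
    char field_a[FIELD_A_SIZE];
    char field_b[FIELD_B_SIZE];
};

/* Parse "<int>\t<text>\t<text>". Returns 0 on success, -1 if the rule is
 * malformed or any field exceeds its buffer. */
int parse_dhcp_rule(const char *rule, struct dhcp_rule *out)
{
    int n0 = 0, n1 = 0, n2 = 0;

    /* Same shape as the format quoted on this page, but every conversion has
     * a width (buffer size minus one for the NUL) and %n records where each
     * field stopped. %9d keeps the integer within the range of int. */
    int ret = sscanf(rule, " %9d%n\t%31[^\t]%n\t%63[^\n\r\t]%n",
                     &out->index, &n0, out->field_a, &n1, out->field_b, &n2);
    if (ret != 3)
        return -1;

    /* A field cut short by its width stops on a data byte, not on its
     * delimiter: reject it instead of accepting a silently truncated rule. */
    if (rule[n0] != '\t' || rule[n1] != '\t')
        return -1;
    if (rule[n2] != '\0' && rule[n2] != '\n' && rule[n2] != '\r')
        return -1;
    return 0;
}

int main(void)
{
    struct dhcp_rule r;
    char longrule[128] = "1\t";              /* constructed sample input */
    memset(longrule + 2, 'A', 40);           /* 40-byte second field */
    strcpy(longrule + 42, "\tx");
    printf("valid:    %d\n", parse_dhcp_rule("7\thostA\tnote-1", &r));
    printf("overlong: %d\n", parse_dhcp_rule(longrule, &r));
    return 0;
}
```

The widths in the format string must be kept equal to each buffer's size minus one whenever the buffer sizes change.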
Severity & Score
Impact
Attackers can cause memory corruption leading to potential remote code execution or system crash.
Mitigation
Update to the latest firmware version provided by Tenda.
References
Social Media Activity(2 posts)
CVE-2026-24110 - Critical (9.8) An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function and are processed by `ret = sscanf(pRule, " %d\t%[^\t]\t%[^\n\r\t]", &dhcpsIndex, dhcpsI... https://www.thehackerwire.com/vulnerability/CVE-2026-24110/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-24110
- Severity: Critical
- CVSS Score: 9.8
- Type: buffer_overflow
- Status: confirmed
- EPSS: 4.3%
- Social Posts: 2
CWE
- CWE-120
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H