CVE-2026-24112 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: March 3, 2026
Tenda W20E - Buffer Overflow
Published: March 2, 2026Updated: March 3, 2026PoC AvailableRemote Exploitable
Overview
Tenda W20E V4.0br_V15.11.0.6 contains a buffer overflow caused by unchecked size validation in sscanf processing of userInfo in addWewifiWhiteUser function, letting attackers execute arbitrary code remotely, exploit requires crafted userInfo input.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can execute arbitrary code remotely by exploiting buffer overflow, potentially leading to full system compromise.
Mitigation
Update to the latest version or apply vendor patches addressing buffer overflow in addWewifiWhiteUser function.
References
Related Resources
Details
- CVE ID
- CVE-2026-24112
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- buffer_overflow
- Status
- confirmed
CWE
- CWE-120
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H