Home / Vulnerability Intelligence / CVE-2026-24112

CVE-2026-24112 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 3, 2026

Tenda W20E - Buffer Overflow

Published: March 2, 2026Updated: March 3, 2026PoC AvailableRemote Exploitable

Overview

Tenda W20E V4.0br_V15.11.0.6 contains a buffer overflow caused by unchecked size validation in sscanf processing of userInfo in addWewifiWhiteUser function, letting attackers execute arbitrary code remotely, exploit requires crafted userInfo input.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 4.3%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary code remotely by exploiting buffer overflow, potentially leading to full system compromise.

Mitigation

Update to the latest version or apply vendor patches addressing buffer overflow in addWewifiWhiteUser function.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 3, 2026

🔴 CVE-2026-24112 - Critical (9.8) An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function and processed by `sscanf` without size validat... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24112/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-24112
Severity: Critical
CVSS Score: 9.8
Type: buffer_overflow
Status: modified
EPSS: 4.3%
Social Posts: 1

CWE

CWE-120

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.3%Probability of exploitation in the next 30 days