Home / Vulnerability Intelligence / CVE-2026-24115

CVE-2026-24115 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 3, 2026

Tenda W20E - Buffer Overflow

Published: March 2, 2026Updated: March 3, 2026PoC AvailableRemote Exploitable

Overview

Tenda W20E V4.0br_V15.11.0.6 contains a buffer overflow caused by failure to validate sizes of 'gstup' and 'gstdwn' before concatenation into 'gstruleQos', letting attackers cause memory corruption remotely, exploit requires network access.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 4.3%(Probability of exploitation in next 30 days)

Impact

Attackers can cause memory corruption leading to potential remote code execution or device crash.

Mitigation

Update to the latest firmware version.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 3, 2026

🔴 CVE-2026-24115 - Critical (9.8) An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them into `gstruleQos` may lead to buffer overflow. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24115/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-24115
Severity: Critical
CVSS Score: 9.8
Type: buffer_overflow
Status: modified
EPSS: 4.3%
Social Posts: 1

CWE

CWE-120

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.3%Probability of exploitation in the next 30 days