Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Tenda W20E Router: Buffer Overflow Risk from User Input
CVE-2026-24112
Summary
The Tenda W20E router's settings page is vulnerable to a security risk if an attacker provides a large amount of data when adding a new Wi-Fi user. This could potentially allow the attacker to execute unauthorized code on the router, compromising its security. Update the router's firmware to the latest version to address this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| tenda | w20e_firmware | 15.11.0.6 | – |
Original title
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` funct...
Original description
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function and processed by `sscanf` without size validation, it could lead to a buffer overflow vulnerability.
nvd CVSS3.1
9.8
Vulnerability type
CWE-120
Classic Buffer Overflow
- https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24112 Exploit Third Party Advisory
- https://www.tenda.com.cn/material/show/2707 Product
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026