Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Tenda W20E Router: Buffer Overflow Risk from Malicious Input
CVE-2026-24108
Summary
Attackers can inject malicious data into Tenda W20E routers, potentially allowing them to take control of the device. This could lead to unauthorized access, disruption of service, or other malicious activity. Update your Tenda W20E router to the latest version to fix this vulnerability.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| tenda | w20e_firmware | 15.11.0.6 | – |
Original title
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and c...
Original description
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a buffer overflow vulnerability.
nvd CVSS3.1
9.8
Vulnerability type
CWE-120
Classic Buffer Overflow
- https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24108 Exploit Third Party Advisory
- https://www.tenda.com.cn/material/show/2707 Product
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026