Cyber Resilience

CVE-2026-24109

CriticalPublic PoC

Published: 02 March 2026

Published
02 March 2026
Modified
05 March 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0065 46.3th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-24109 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Tenda W20E Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 46.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-24109 is a buffer overflow vulnerability (CWE-120) discovered in the Tenda W20E router running firmware version V4.0br_V15.11.0.6. The flaw arises when the `picName` parameter, which attackers can control, is passed to a `sprintf` function without proper bounds checking or variable size validation. This unsafe string handling allows arbitrary data to overflow fixed-size buffers, potentially leading to memory corruption.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable remotely over the network with low complexity, no authentication or user interaction required. Any unauthenticated attacker can send crafted requests controlling the `picName` value to trigger the buffer overflow, potentially achieving remote code execution, data theft, or device denial of service with high impacts on confidentiality, integrity, and availability.

Vendor references include a Tenda advisory at https://www.tenda.com.cn/material/show/2707, along with CVE report repositories at https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24109. Security practitioners should consult these for patching instructions or firmware updates to mitigate the issue.

EU & UK References

Vulnerability details

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating variable sizes, it could lead to a buffer overflow vulnerability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote unauthenticated buffer overflow in public-facing router web interface directly enables T1190 (Exploit Public-Facing Application) for RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24115Same product: Tenda W20E
CVE-2026-24112Same product: Tenda W20E
CVE-2026-24108Same product: Tenda W20E
CVE-2026-24111Same product: Tenda W20E
CVE-2026-24114Same product: Tenda W20E
CVE-2026-24110Same product: Tenda W20E
CVE-2026-24113Same product: Tenda W20E
CVE-2026-24107Same product: Tenda W20E
CVE-2025-29137Same vendor: Tenda
CVE-2025-55613Same vendor: Tenda

Affected Assets

tenda
w20e firmware
15.11.0.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Mandates validation of user-controlled inputs like picName at system entry points to prevent buffer overflows from unbounded data passed to sprintf.

preventrecover

Requires timely identification, reporting, and correction of flaws such as this buffer overflow vulnerability via firmware patching.

prevent

Implements memory protections like address space randomization or stack guards to mitigate exploitation of buffer overflows leading to memory corruption.

References