Cyber Resilience

CVE-2026-24112

CriticalPublic PoC

Published: 02 March 2026

Published
02 March 2026
Modified
03 March 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0053 40.6th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-24112 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Tenda W20E Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 40.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-24112 is a buffer overflow vulnerability (CWE-120) discovered in the Tenda W20E router running firmware version V4.0br_V15.11.0.6. The issue arises when the `userInfo` parameter is passed to the `addWewifiWhiteUser` function, where it is processed by `sscanf` without proper size validation, allowing attackers to trigger a buffer overflow. This flaw has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high impact on confidentiality, integrity, and availability.

Remote attackers can exploit this vulnerability over the network without authentication, privileges, or user interaction. By crafting and sending a malicious `userInfo` value, an attacker can overflow the buffer in the affected function, potentially leading to arbitrary code execution, denial of service, or unauthorized access to the device.

Mitigation details are available in vendor advisories, including the Tenda security bulletin at https://www.tenda.com.cn/material/show/2707 and a related report at https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24112. Security practitioners should consult these resources for patch availability, firmware updates, or workarounds specific to the Tenda W20E.

EU & UK References

Vulnerability details

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function and processed by `sscanf` without size validation, it could lead to a buffer…

more

overflow vulnerability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in unauthenticated network-exposed router management function directly enables remote exploitation of a public-facing application for RCE/DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24115Same product: Tenda W20E
CVE-2026-24108Same product: Tenda W20E
CVE-2026-24111Same product: Tenda W20E
CVE-2026-24109Same product: Tenda W20E
CVE-2026-24114Same product: Tenda W20E
CVE-2026-24110Same product: Tenda W20E
CVE-2026-24113Same product: Tenda W20E
CVE-2026-24107Same product: Tenda W20E
CVE-2025-29137Same vendor: Tenda
CVE-2025-55613Same vendor: Tenda

Affected Assets

tenda
w20e firmware
15.11.0.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 requires input validation at entry points, directly preventing the buffer overflow by ensuring the userInfo parameter is validated for size and format before processing by sscanf.

prevent

SI-2 mandates timely identification and remediation of flaws like this buffer overflow vulnerability through firmware patching.

prevent

SI-16 implements memory protections such as stack canaries, ASLR, and DEP to mitigate unauthorized code execution from buffer overflows.

References