CVE-2026-24112
Published: 02 March 2026
Summary
CVE-2026-24112 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Tenda W20E Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 8.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires input validation at entry points, directly preventing the buffer overflow by ensuring the userInfo parameter is validated for size and format before processing by sscanf.
SI-2 mandates timely identification and remediation of flaws like this buffer overflow vulnerability through firmware patching.
SI-16 implements memory protections such as stack canaries, ASLR, and DEP to mitigate unauthorized code execution from buffer overflows.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in unauthenticated network-exposed router management function directly enables remote exploitation of a public-facing application for RCE/DoS.
NVD Description
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function and processed by `sscanf` without size validation, it could lead to a buffer…
more
overflow vulnerability.
Deeper analysisAI
CVE-2026-24112 is a buffer overflow vulnerability (CWE-120) discovered in the Tenda W20E router running firmware version V4.0br_V15.11.0.6. The issue arises when the `userInfo` parameter is passed to the `addWewifiWhiteUser` function, where it is processed by `sscanf` without proper size validation, allowing attackers to trigger a buffer overflow. This flaw has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high impact on confidentiality, integrity, and availability.
Remote attackers can exploit this vulnerability over the network without authentication, privileges, or user interaction. By crafting and sending a malicious `userInfo` value, an attacker can overflow the buffer in the affected function, potentially leading to arbitrary code execution, denial of service, or unauthorized access to the device.
Mitigation details are available in vendor advisories, including the Tenda security bulletin at https://www.tenda.com.cn/material/show/2707 and a related report at https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24112. Security practitioners should consult these resources for patch availability, firmware updates, or workarounds specific to the Tenda W20E.
Details
- CWE(s)