Cyber Resilience

CVE-2026-24113

CriticalPublic PoC

Published: 02 March 2026

Published
02 March 2026
Modified
05 March 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0065 46.3th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-24113 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Tenda W20E Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 46.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-24113 is a buffer overflow vulnerability (CWE-120) affecting the Tenda W20E router on firmware version V4.0br_V15.11.0.6. The flaw occurs when an attacker controls the value of the `nptr` parameter, which is passed to the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, enabling a buffer overflow.

The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical), with attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and unchanged scope (S:U), resulting in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H). Remote attackers with network access can exploit it without authentication, potentially achieving arbitrary code execution or denial of service.

Advisories and additional details are provided by Tenda at https://www.tenda.com.cn/material/show/2707 and in the GitHub repository https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24113.

EU & UK References

Vulnerability details

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to…

more

a buffer overflow vulnerability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in network-exposed router firmware function allows unauthenticated remote code execution via crafted nptr input to getMibPrefix, directly matching exploitation of a public-facing network device.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24115Same product: Tenda W20E
CVE-2026-24112Same product: Tenda W20E
CVE-2026-24108Same product: Tenda W20E
CVE-2026-24111Same product: Tenda W20E
CVE-2026-24109Same product: Tenda W20E
CVE-2026-24114Same product: Tenda W20E
CVE-2026-24110Same product: Tenda W20E
CVE-2026-24107Same product: Tenda W20E
CVE-2025-29137Same vendor: Tenda
CVE-2025-55613Same vendor: Tenda

Affected Assets

tenda
w20e firmware
15.11.0.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of user-controlled inputs like nptr to prevent buffer overflows from unvalidated concatenation in sprintf.

prevent

Mandates identification, reporting, and timely remediation of the specific buffer overflow flaw in Tenda W20E firmware version V4.0br_V15.11.0.6.

prevent

Provides runtime memory protections such as stack guards or non-executable memory to mitigate exploitation of the buffer overflow for code execution or denial of service.

References