Cyber Posture

CVE-2026-24115

CriticalPublic PoC

Published: 02 March 2026

Published
02 March 2026
Modified
03 March 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0003 8.4th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-24115 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Tenda W20E Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 8.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Requires validation of input sizes for parameters like gstup and gstdwn before concatenation into gstruleQos, directly preventing the buffer overflow.

SI-16 Memory Protection good match
prevent

Implements memory protections such as stack canaries and non-executable memory to mitigate exploitation of buffer overflows even if validation fails.

SI-2 Flaw Remediation good match
prevent

Mandates timely application of vendor patches for known flaws like CVE-2026-24115 to remediate the buffer overflow vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Buffer overflow in network-exposed router service (Tenda web/QoS parameter handling) directly enables remote unauthenticated code execution against a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them into `gstruleQos` may lead to buffer overflow.

Deeper analysisAI

CVE-2026-24115, published on 2026-03-02, is a buffer overflow vulnerability (CWE-120) affecting the Tenda W20E router running firmware version V4.0br_V15.11.0.6. The flaw occurs due to a failure to validate the sizes of the `gstup` and `gstdwn` parameters before concatenating them into `gstruleQos`, which can trigger a buffer overflow. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity.

Remote attackers with network access can exploit this vulnerability without authentication, privileges, or user interaction and with low complexity. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, potentially allowing arbitrary code execution, data theft, or denial of service on the affected device.

Mitigation guidance and patches are detailed in the vendor advisory at https://www.tenda.com.cn/material/show/2707, with additional analysis available in a CVE report on GitHub at https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24115.

Details

CWE(s)
CWE-120

Affected Products

tenda
w20e firmware
15.11.0.6

CVEs Like This One

CVE-2026-24110Same product: Tenda W20E
CVE-2026-24111Same product: Tenda W20E
CVE-2026-24112Same product: Tenda W20E
CVE-2026-24109Same product: Tenda W20E
CVE-2026-24113Same product: Tenda W20E
CVE-2026-24114Same product: Tenda W20E
CVE-2026-24108Same product: Tenda W20E
CVE-2026-24107Same product: Tenda W20E
CVE-2025-29137Same vendor: Tenda
CVE-2025-55606Same vendor: Tenda

References