Description
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a buffer overflow vulnerability.
Published: 2026-03-02
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution
Action: Immediate Patch
AI Analysis

Impact

A buffer overflow occurs in the Tenda W20E firmware when an attacker controls the value of the variable nptr. The value is passed to the getMibPrefix function and concatenated using sprintf without proper length checks, which can overwrite adjacent memory and give the attacker the ability to execute arbitrary code on the device.

Affected Systems

The vulnerability exists in Tenda W20E model V4.0br firmware version 15.11.0.6. No other vendors or product versions are affected according to the current data.

Risk and Exploitability

The CVSS score of 9.8 marks this flaw as critical, and an EPSS score of less than 1% indicates a low probability of exploitation but not zero. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack vector is likely remote, as the attacker can influence the nptr value through network interactions with the router’s management interface; however, this is inferred from the described behavior and not explicitly stated in the advisory.

Generated by OpenCVE AI on April 17, 2026 at 13:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Tenda W20E firmware to a version that addresses the getMibPrefix buffer overflow.
  • Limit remote management access to the router’s web interface to trusted internal networks or VPNs.
  • Implement firewall policies to detect and block anomalous or excessively large requests to the router’s management ports.

Generated by OpenCVE AI on April 17, 2026 at 13:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Tenda W20E Firmware via Improper Size Validation

Tue, 03 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda w20e
Tenda w20e Firmware
CPEs cpe:2.3:h:tenda:w20e:4.0:*:*:*:*:*:*:*
cpe:2.3:o:tenda:w20e_firmware:15.11.0.6:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda w20e
Tenda w20e Firmware

Tue, 03 Mar 2026 06:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 03 Mar 2026 02:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Mon, 02 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
Description An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a buffer overflow vulnerability.
References

Subscriptions

Tenda W20e W20e Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-03T01:50:09.707Z

Reserved: 2026-01-21T00:00:00.000Z

Link: CVE-2026-24108

cve-icon Vulnrichment

Updated: 2026-03-03T01:49:52.691Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-02T15:16:33.170

Modified: 2026-03-03T15:54:49.147

Link: CVE-2026-24108

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T13:45:16Z

Weaknesses