Description
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating variable sizes, it could lead to a buffer overflow vulnerability.
Published: 2026-03-02
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution
Action: Immediate Patch
AI Analysis

Impact

Tenda W20E firmware V4.0br_V15.11.0.6 contains a buffer overflow that can be triggered by specifying an overly long value for the parameter picName when it is passed to sprintf without length checks. If an attacker can control this input, the overflow can overwrite adjacent memory and allow execution of arbitrary code, compromising the integrity and confidentiality of the device and the network it supports.

Affected Systems

The affected system is the Tenda W20E wireless router running firmware build 4.0br V15.11.0.6. Only that firmware version is known to contain the flaw.

Risk and Exploitability

The flaw is scored CVSS 9.8, placing it in the Critical severity range. The EPSS score is below 1%, indicating a very low current exploitation probability, and the issue is not listed in the CISA KEV catalog. Although the official attack vector is not explicitly disclosed, it is inferred that an attacker needs to send a crafted request containing the picName parameter, suggesting a remote or network-based exploitation scenario. The primary impact is the potential for arbitrary code execution on the affected router.

Generated by OpenCVE AI on April 17, 2026 at 13:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Tenda firmware update that addresses the picName buffer overflow.
  • If an update is not immediately available, disable or restrict the remote management interfaces that accept the picName parameter, for example by disabling the web administration or API services that expose this input.
  • Limit access to the router’s management interfaces to trusted IP addresses only, using network segmentation or firewall rules to reduce the attack surface.
  • Monitor router logs for unexpected or malformed picName inputs and set up alerts for suspicious activity.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 14:00:00 +0000

Type: Title
Values Removed: (none)
Values Added: Buffer Overflow in Tenda W20E W20E Router via picName Parameter

Thu, 05 Mar 2026 16:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 03 Mar 2026 16:00:00 +0000

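Type: First Time appeared
Values Removed: (none)
Values Added:
  • Tenda
  • Tenda w20e
  • Tenda w20e Firmware

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-120

Type: CPEs
Values Removed: (none)
Values Added:
  • cpe:2.3:h:tenda:w20e:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:tenda:w20e_firmware:15.11.0.6:*:*:*:*:*:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added:
  • Tenda
  • Tenda w20e
  • Tenda w20e Firmware

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}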


Mon, 02 Mar 2026 14:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating variable sizes, it could lead to a buffer overflow vulnerability.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-05T15:52:58.464Z

Reserved: 2026-01-21T00:00:00.000Z

Link: CVE-2026-24109

Vulnrichment

Updated: 2026-03-05T15:52:24.329Z

NVD

Status: Modified

Published: 2026-03-02T15:16:33.330

Modified: 2026-03-05T16:16:15.307

Link: CVE-2026-24109

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T13:45:16Z

Weaknesses