Description
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function and processed by `sscanf` without size validation, it could lead to a buffer overflow vulnerability.
Published: 2026-03-02
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a classic buffer overflow (CWE‑120) in the addWewifiWhiteUser function of the Tenda W20E router. When a crafted userInfo string is processed by sscanf without size validation, the buffer is overflowed, corrupting adjacent memory. This can lead to arbitrary code execution or a denial‑of‑service condition on the device.

Affected Systems

The flaw affects all Tenda W20E routers running firmware 4.0br V15.11.0.6.

Risk and Exploitability

The likely attack vector is remote, via the router’s management interface that accepts the userInfo parameter, most plausibly a web or API endpoint. The CVSS score of 7.5 indicates high severity, while the EPSS score of less than 1% indicates a low estimated probability of exploitation in the near term. The vulnerability is not listed in the CISA KEV catalog. An attacker does not need local or physical access, so proximity to the device is not required. Successful exploitation could grant code execution or force the router to reboot.

Generated by OpenCVE AI on April 18, 2026 at 17:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest available Tenda W20E firmware that includes a fix for the addWewifiWhiteUser buffer overflow.
  • If no firmware update is available, block or restrict traffic to the router’s management interface, for example by disabling remote administration or limiting access to a trusted IP range.
  • Implement strict input validation on the userInfo field before it reaches sscanf, ensuring the string length never exceeds the buffer size.
  • Employ network segmentation or a firewall to isolate the router from external networks, reducing exposure of the vulnerable interface.
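
The input-validation recommendation above, shown as an added C example; it is not Tenda's code and not part of the original entry. The "mac;name" layout of userInfo, the field sizes, and the names parse_user_info and white_user are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAC_LEN  17  /* assumed: "aa:bb:cc:dd:ee:ff" */
#define NAME_LEN 31  /* assumed limit for the second field */

struct white_user {
    char mac[MAC_LEN + 1];
    char name[NAME_LEN + 1];
};

/* Hypothetical hardened parser for a constructed "mac;name" layout.
 * The unsafe pattern class is an unbounded conversion such as
 * sscanf(s, "%[^;];%[^;]", mac, name), which writes past the buffers.
 * Returns 0 on success, -1 on NULL, over-long or malformed input. */
int parse_user_info(const char *user_info, struct white_user *out)
{
    int consumed = 0;

    if (user_info == NULL || out == NULL)
        return -1;
    /* Reject input that cannot fit before any parsing happens. */
    if (strlen(user_info) > (size_t)(MAC_LEN + 1 + NAME_LEN))
        return -1;
    memset(out, 0, sizeof(*out));
    /* Field widths (17, 31) are one less than each destination size,
     * leaving room for the terminating NUL; %n records bytes consumed. */
    if (sscanf(user_info, "%17[^;];%31[^;]%n",
               out->mac, out->name, &consumed) != 2)
        return -1;
    /* Leftover bytes mean a field hit its width limit or extra data follows. */
    if (user_info[consumed] != '\0')
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the device. */
    const char *samples[] = { "aa:bb:cc:dd:ee:ff;guest",
                              "aa;AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };
    struct white_user u;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%s -> %d\n", samples[i], parse_user_info(samples[i], &u));
    return 0;
}
```

The width in each conversion must be kept in step with the destination array size by hand, since sscanf cannot take it from a macro without string pasting.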


Advisories

No advisories yet.

History

Sat, 18 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Tenda W20E Router Firmware 4.0br V15.11.0.6

Tue, 03 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Tue, 03 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda w20e
Tenda w20e Firmware
Weaknesses CWE-120
CPEs cpe:2.3:h:tenda:w20e:4.0:*:*:*:*:*:*:*
cpe:2.3:o:tenda:w20e_firmware:15.11.0.6:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda w20e
Tenda w20e Firmware
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Mon, 02 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
Description An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function and processed by `sscanf` without size validation, it could lead to a buffer overflow vulnerability.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-03T20:09:05.330Z

Reserved: 2026-01-21T00:00:00.000Z

Link: CVE-2026-24112

Vulnrichment

Updated: 2026-03-03T20:09:00.807Z

NVD

Status : Modified

Published: 2026-03-02T16:16:24.680

Modified: 2026-03-03T20:16:47.360

Link: CVE-2026-24112

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T17:45:06Z

Weaknesses