Description
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a buffer overflow vulnerability.
Published: 2026-03-02
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Buffer Overflow (CWE-120)
Action: Update Firmware
AI Analysis

Impact

An input validation flaw permits attackers to control the nptr parameter, which is passed to getMibPrefix and concatenated via sprintf without size checks, leading to a classic buffer overflow in Tenda W20E firmware. This flaw allows the attacker to overflow the stack, potentially executing arbitrary code or causing a denial of service. The vulnerability is rooted in improper bounds checking (CWE-120).

Affected Systems

The affected product is the Tenda W20E model running firmware version 4.0br_V15.11.0.6. No other vendors or revisions are listed. The CPE identifiers point to the hardware and firmware versions described above.

Risk and Exploitability

The CVSS score of 9.8 indicates critical severity, while the EPSS score of less than 1% signals a low probability of current exploitation. It is not listed in CISA's KEV catalog, yet the high base score warrants proactive remediation. Attackers can likely exploit the flaw over the network by sending crafted packets or HTTP requests that trigger the vulnerable getMibPrefix call, provided the device is reachable and remote management is enabled (based on the description, this is inferred).

Generated by OpenCVE AI on April 16, 2026 at 14:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the most recent firmware release from Tenda that addresses this buffer overflow.
  • Disable any unnecessary remote management functions, such as the WAN‑side web interface or SSH, to reduce the attack surface.
  • If an updated firmware is unavailable, block external access to the device’s management ports and isolate it from critical network segments.

Generated by OpenCVE AI on April 16, 2026 at 14:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Tenda W20E Firmware Allows Remote Exploitation

Thu, 05 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 03 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda w20e
Tenda w20e Firmware
Weaknesses CWE-120
CPEs cpe:2.3:h:tenda:w20e:4.0:*:*:*:*:*:*:*
cpe:2.3:o:tenda:w20e_firmware:15.11.0.6:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda w20e
Tenda w20e Firmware
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Mon, 02 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
Description An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a buffer overflow vulnerability.
References

Subscriptions

Tenda W20e W20e Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-05T15:54:30.496Z

Reserved: 2026-01-21T00:00:00.000Z

Link: CVE-2026-24113

cve-icon Vulnrichment

Updated: 2026-03-05T15:54:25.658Z

cve-icon NVD

Status : Modified

Published: 2026-03-02T15:16:33.657

Modified: 2026-03-05T16:16:15.673

Link: CVE-2026-24113

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T15:00:14Z

Weaknesses