Impact
An attacker can exploit a buffer overflow in the Tenda W20E V4.0 firmware because the sizes of the gstup and gstdwn fields are not validated before they are concatenated into the gstruleQos string. When oversized data is supplied, the concatenation overruns the allocated buffer, corrupting neighbouring memory. This memory corruption can allow the attacker to execute arbitrary code or crash the device, compromising confidentiality, integrity and availability. The weakness is a classic instance of CWE‑120: Buffer Copy without Checking Size of Destination Buffer.
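The unchecked concatenation described above, next to a length-checked form, as an added example that is not Tenda's firmware code. The 64-byte buffer, the `;` separator and both function names are assumptions made for illustration; only the field names gstup, gstdwn and gstruleQos come from the advisory.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size: the advisory does not state the real gstruleQos buffer length. */
#define RULE_BUF_LEN 64

/* Unchecked pattern (CWE-120): the number of bytes written depends only on
 * the caller-supplied strings, never on the size of rule[]. */
int build_rule_unchecked(char *rule, const char *gstup, const char *gstdwn)
{
    return sprintf(rule, "%s;%s", gstup, gstdwn);
}

/* Checked form: reject rather than truncate, so a partial rule is never stored.
 * Returns 0 on success, -1 if an input is missing or the result does not fit. */
int build_rule_checked(char *rule, size_t rule_len,
                       const char *gstup, const char *gstdwn)
{
    int n;

    if (rule == NULL || rule_len == 0 || gstup == NULL || gstdwn == NULL)
        return -1;

    /* snprintf returns the length it would have written, excluding the NUL. */
    n = snprintf(rule, rule_len, "%s;%s", gstup, gstdwn);
    if (n < 0 || (size_t)n >= rule_len) {
        rule[0] = '\0';   /* leave no truncated data behind */
        return -1;
    }
    return 0;
}

int main(void)
{
    char rule[RULE_BUF_LEN];
    char oversized[256];

    /* Constructed input: 255 filler bytes, far larger than the rule buffer. */
    memset(oversized, 'A', sizeof(oversized) - 1);
    oversized[sizeof(oversized) - 1] = '\0';

    printf("normal:    %d\n", build_rule_checked(rule, sizeof(rule), "1024", "2048"));
    printf("oversized: %d\n", build_rule_checked(rule, sizeof(rule), oversized, "2048"));
    return 0;
}
```

Rejecting the request outright is deliberate: silently truncating a QoS rule would store a value the administrator never entered.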
Affected Systems
The vulnerability exists in Tenda W20E routers running firmware version V4.0br_V15.11.0.6. Devices that have not been updated to later firmware releases that contain the patch are at risk. The affected product family is Tenda W20E, a consumer‑grade wireless router, as identified by the CPE entries for the hardware and firmware.
Risk and Exploitability
The CVSS score of 9.8 classifies this flaw as critical, indicating high exploitation potential if the conditions are met. The EPSS score of less than 1% suggests that exploit activity is currently low, but the criticality of the flaw warrants prompt action. The flaw is not listed in CISA’s KEV catalog, so no known active exploitation has been reported to date. Although the CVE description does not specify the exact attack vector, the parameters involved are normally accepted over the device’s web‑based management interface, so the likely vector is a remote network connection that sends crafted gstup and gstdwn values.