Which versions of Tenda W20E are affected by CVE-2026-11524?

Tenda W20E routers running firmware 15.11.0.6 contain a stack-based buffer overflow in the web management interface that allows authenticated attackers to corrupt router memory and compromise…

Is there a public PoC exploit available for CVE-2026-11524?

Yes, a public proof-of-concept exploit is available for CVE-2026-11524. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-11524?

Within 24 hours: Identify all Tenda W20E devices in your environment; confirm firmware version 15.11.0.6; restrict access to the web management interface (/goform/modifyWifiFilterRules endpoint) via IP whitelisting to authorized administrative networks only. Within 7 days: Disable WAN-accessible management features and require local network or VPN access for any remote administration; audit and strengthen administrator credentials; enable management interface logging. Within 30 days: Monitor Tenda security advisories for firmware updates; if no patch is released, develop a procurement and migration plan to replace affected routers with alternative platforms.

Tenda W20E CVE-2026-11524

Q: What is the CVSS score of CVE-2026-11524?

CVE-2026-11524 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-35084 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-06-08 VulDB

GHSA-hmh7-xjhg-5rc9

Tenda Stack Overflow Buffer Overflow

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

Jun 08, 2026 - 16:29 vuln.today

v3 (cvss_changed)

Analysis Updated

Jun 08, 2026 - 16:29 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Jun 08, 2026 - 16:22 vuln.today

cvss_changed

CVSS changed

Jun 08, 2026 - 16:22 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

Jun 08, 2026 - 16:17 vuln.today

DescriptionNVD

A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Management Interface. The manipulation of the argument wifiFilterListRemark leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Stack-based buffer overflow in the Tenda W20E router (firmware 15.11.0.6) allows remote authenticated attackers to corrupt memory via the wifiFilterListRemark parameter of the /goform/modifyWifiFilterRules endpoint in the Web Management Interface. Publicly available exploit code exists per VulDB disclosure, raising the practical risk for exposed management interfaces, though no public exploit identified at time of analysis confirms active in-the-wild exploitation. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Discover exposed W20E management interface

Delivery

Obtain low-privileged credentials

Exploit

Send crafted POST to /goform/modifyWifiFilterRules

Install

Overflow stack via wifiFilterListRemark

Hijack saved return address

Execute

Execute shellcode as root

Impact

Pivot to LAN or install botnet implant