What is the CVSS score of CVE-2026-24108?

CVE-2026-24108 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of W20e Firmware are affected by CVE-2026-24108?

A critical vulnerability (CVE-2026-24108) affecting Tenda W20E routers allows remote attackers to gain unauthorized control with a CVSS score of 9.8.

Is there a public PoC exploit available for CVE-2026-24108?

Yes, a public proof-of-concept exploit is available for CVE-2026-24108. Prioritise patching immediately. EPSS: 0.1%.

W20e Firmware CVE-2026-24108

CRITICAL

Classic Buffer Overflow (CWE-120)

2026-03-02 cve@mitre.org

Buffer Overflow W20e Firmware

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Mar 03, 2026 - 15:54 vuln.today

Public exploit code

CVE Published

Mar 02, 2026 - 15:16 nvd

CRITICAL 9.8

DescriptionNVD

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of nptr. When this value is passed into the getMibPrefix function and concatenated using sprintf without proper size validation, it could lead to a buffer overflow vulnerability.

AnalysisAI

Tenda W20E has a buffer overflow — second of eight critical vulnerabilities in this router firmware.

RemediationAI

Within 24 hours: Identify all Tenda W20E V4.0br_V15.11.0.6 devices in your network inventory and isolate affected units from production environments where possible. Within 7 days: Implement network segmentation to restrict access to these devices, disable remote management features, and establish enhanced monitoring for suspicious traffic. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-24108 vulnerability details – vuln.today

Back

W20e Firmware CVE-2026-24108

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code