W20e Firmware
CVE-2026-24109
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of picName. When this value is used in sprintf without validating variable sizes, it could lead to a buffer overflow vulnerability.
AnalysisAI
Tenda W20E has a third buffer overflow in a different CGI parameter.
Technical ContextAI
CWE-120.
RemediationAI
Update firmware.
More in W20e Firmware
View allTenda W20E router has a code injection vulnerability in usbPartitionName parameter allowing unauthenticated remote code
Tenda W20E has a ninth buffer overflow in yet another CGI endpoint.
Tenda W20E has an eighth buffer overflow in addDhcpRules parameter.
Tenda W20E has a seventh buffer overflow in gstup parameter handling.
Tenda W20E has a sixth buffer overflow in pPortMapIndex parameter validation.
Tenda W20E has a fifth buffer overflow.
Tenda W20E has a fourth buffer overflow vulnerability.
Tenda W20E has a buffer overflow — second of eight critical vulnerabilities in this router firmware.
Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via function formSetSysTim
Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function for
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today