What is the CVSS score of CVE-2026-24110?

CVE-2026-24110 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of W20e Firmware are affected by CVE-2026-24110?

A critical vulnerability in Tenda W20E routers allows remote attackers to crash or compromise affected devices through malformed network configuration requests, with no patch currently available.

Is there a public PoC exploit available for CVE-2026-24110?

Yes, a public proof-of-concept exploit is available for CVE-2026-24110. Prioritise patching immediately. EPSS: 0.1%.

W20e Firmware CVE-2026-24110

CRITICAL

Classic Buffer Overflow (CWE-120)

2026-03-02 cve@mitre.org

Buffer Overflow W20e Firmware

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Mar 03, 2026 - 15:51 vuln.today

Public exploit code

CVE Published

Mar 02, 2026 - 16:16 nvd

CRITICAL 9.8

DescriptionNVD

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long addDhcpRules data. When these rules enter the addDhcpRule function and are processed by ret = sscanf(pRule, " %d\t%[^\t]\t%[^\n\r\t]", &dhcpsIndex, dhcpsIP, dhcpsMac);, the lack of size validation for the rules could lead to buffer overflows in dhcpsIndex, dhcpsIP, and dhcpsMac.

AnalysisAI

Tenda W20E has an eighth buffer overflow in addDhcpRules parameter.

RemediationAI

Within 24 hours: inventory all Tenda W20E V4.0br devices in your network and isolate them to a restricted management VLAN. Within 7 days: implement network segmentation to limit access to affected devices and disable DHCP rule management features if operationally feasible, or apply WAF/IDS signatures to block malformed addDhcpRules requests. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-24110 vulnerability details – vuln.today

Back

W20e Firmware CVE-2026-24110

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code