What is the CVSS score of CVE-2026-24111?

CVE-2026-24111 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of W20e Firmware are affected by CVE-2026-24111?

A critical vulnerability (CVSS 9.8) affecting Tenda W20E routers allows unauthenticated remote code execution through the userInfo parameter.

Is there a public PoC exploit available for CVE-2026-24111?

Yes, a public proof-of-concept exploit is available for CVE-2026-24111. Prioritise patching immediately. EPSS: 0.1%.

W20e Firmware CVE-2026-24111

CRITICAL

Classic Buffer Overflow (CWE-120)

2026-03-02 cve@mitre.org

Buffer Overflow W20e Firmware

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Mar 05, 2026 - 16:16 vuln.today

Public exploit code

CVE Published

Mar 02, 2026 - 15:16 nvd

CRITICAL 9.8

DescriptionNVD

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addAuthUser function and processed by sscanf without size validation, it could lead to buffer overflow.

AnalysisAI

Tenda W20E has a fourth buffer overflow vulnerability.

RemediationAI

Within 24 hours: Identify all Tenda W20E V4.0br devices in your network inventory and isolate affected units from production traffic if business-critical. Within 7 days: Contact Tenda for patch status and timelines; implement network segmentation to restrict router management access to trusted administrative networks only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-24111 vulnerability details – vuln.today

Back

W20e Firmware CVE-2026-24111

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code