What is the CVSS score of CVE-2026-24113?

CVE-2026-24113 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of W20e Firmware are affected by CVE-2026-24113?

A critical vulnerability (CVSS 9.8) in Tenda W20E wireless routers allows remote attackers to execute arbitrary code with minimal user interaction.

Is there a public PoC exploit available for CVE-2026-24113?

Yes, a public proof-of-concept exploit is available for CVE-2026-24113. Prioritise patching immediately. EPSS: 0.1%.

W20e Firmware CVE-2026-24113

CRITICAL

Classic Buffer Overflow (CWE-120)

2026-03-02 cve@mitre.org

Buffer Overflow W20e Firmware

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Mar 05, 2026 - 16:16 vuln.today

Public exploit code

CVE Published

Mar 02, 2026 - 15:16 nvd

CRITICAL 9.8

DescriptionNVD

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of nptr. When this value is passed into the getMibPrefix function and concatenated using sprintf without proper size validation, it could lead to a buffer overflow vulnerability.

AnalysisAI

Tenda W20E has a fifth buffer overflow.

RemediationAI

Within 24 hours: Inventory all Tenda W20E V4.0br_V15.11.0.6 devices across the organization and isolate affected units from critical networks if possible. Within 7 days: Implement network segmentation to restrict router administrative access and monitor for exploitation attempts; contact Tenda for patch timeline estimates. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-24113 vulnerability details – vuln.today

Back

W20e Firmware CVE-2026-24113

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code