CVE-2026-24111
Received Received - Intake

Buffer Overflow in Tenda W20E addAuthUser Function

Vulnerability report for CVE-2026-24111, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-02

Last updated on: 2026-03-05

Assigner: MITRE

Description

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addAuthUser` function and processed by `sscanf` without size validation, it could lead to buffer overflow.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-02
Last Modified
2026-03-05
Generated
2026-07-06
AI Q&A
2026-03-02
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
tenda w20e_firmware 15.11.0.6

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Tenda W20E device, specifically version 4.0br_V15.11.0.6. It occurs when an attacker specifies a value for the parameter `userInfo` that is passed into the `addAuthUser` function. The function processes this input using the `sscanf` function without validating the size of the input. This lack of size validation can lead to a buffer overflow condition.

Impact Analysis

The buffer overflow caused by this vulnerability can potentially allow attackers to execute arbitrary code or cause a denial of service on the affected device. This could lead to unauthorized access, disruption of network services, or compromise of the device's integrity.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24111. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart