CVE-2026-11523
Received Received - Intake
Stack-Based Buffer Overflow in Tenda W20E Router

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: VulDB

Description
A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-08
Last Modified
2026-06-08
Generated
2026-06-09
AI Q&A
2026-06-08
EPSS Evaluated
N/A
NVD
CVE-2026-11523
EUVD
EUVD-2026-35080
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tenda w20e 15.11.0.6
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can have severe impacts including denial of service (DoS) by crashing the router's web management interface or remote code execution (RCE) with root privileges. An attacker exploiting this flaw could take full control of the affected device remotely, potentially compromising the entire network it manages.

Executive Summary

CVE-2026-11523 is a stack-based buffer overflow vulnerability found in the Tenda W20E router's web management interface, specifically in the formPortalAuth function. This function processes portal authentication requests and uses an unsafe strcpy operation to copy the user-supplied gotoUrl parameter into a fixed-size 256-byte buffer without checking the length.

An attacker can exploit this vulnerability by sending a specially crafted, overly long string to the /goform/PortalAuth endpoint. This causes the buffer to overflow, potentially leading to a service crash or allowing the attacker to execute arbitrary code remotely with root privileges.

Detection Guidance

This vulnerability can be detected by sending a specially crafted HTTP POST request to the /goform/PortalAuth endpoint of the Tenda W20E router running version 15.11.0.6. The request should include an overly long string in the gotoUrl parameter to test for a stack-based buffer overflow.

A proof-of-concept involves sending a payload of 1000 'A' characters to the gotoUrl parameter, which can trigger the overflow and potentially cause a service crash or remote code execution.

Example command using curl to test the vulnerability:

  • curl -X POST http://[router_ip]/goform/PortalAuth -d "gotoUrl=$(python3 -c 'print("A"*1000)')"

Replace [router_ip] with the IP address of the target device. Monitoring for crashes or abnormal behavior after sending this request can indicate the presence of the vulnerability.

Mitigation Strategies

Immediate mitigation steps include restricting access to the web management interface, especially the /goform/PortalAuth endpoint, to trusted networks or IP addresses only.

Disable remote management features if not required to reduce exposure.

Monitor the device for unusual behavior or crashes that may indicate exploitation attempts.

Apply any available firmware updates or patches from the vendor that address this vulnerability once released.

If no patch is available, consider using network-level protections such as firewalls or intrusion prevention systems to block malicious requests targeting the /goform/PortalAuth endpoint.

Compliance Impact

The vulnerability in Tenda W20E allows remote attackers to execute arbitrary code with root privileges or cause denial of service via a stack-based buffer overflow in the web management interface. This can lead to unauthorized access, data breaches, or disruption of services.

Such security issues can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data, ensuring confidentiality, integrity, and availability of systems. Exploitation of this vulnerability could result in unauthorized data access or loss of system availability, thereby violating these regulatory requirements.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-11523. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart