ID

VAR-202603-0158


CVE

CVE-2026-24110


TITLE

Classic buffer overflow vulnerability in Shenzhen Tenda Technology Co., Ltd. W20E firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-005971

DESCRIPTION

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function and are processed by `ret = sscanf(pRule, " %d\t%[^\t]\t%[^\n\r\t]", &dhcpsIndex, dhcpsIP, dhcpsMac);`, the lack of size validation for the rules could lead to buffer overflows in `dhcpsIndex`, `dhcpsIP`, and `dhcpsMac`. Tenda W20E V4.0br_V15.11.0.6 is vulnerable: an attacker can send `addDhcpRules` data, and a buffer overflow can occur due to insufficient size validation within the `addDhcpRule` function. All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Attacks that exploit this vulnerability will not affect other software.

Trust: 1.62

sources: NVD: CVE-2026-24110 // JVNDB: JVNDB-2026-005971

AFFECTED PRODUCTS

vendor: tenda, model: w20e, scope: eq, version: 15.11.0.6

Trust: 1.0

vendor: tenda, model: w20e, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: w20e, scope: eq, version: w20e firmware 15.11.0.6

Trust: 0.8

vendor: tenda, model: w20e, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-005971 // NVD: CVE-2026-24110

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2026-24110
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2026-005971
value: CRITICAL

Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2026-24110
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-005971
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-005971 // NVD: CVE-2026-24110

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-005971 // NVD: CVE-2026-24110

PATCH

title: CVEreport/D-link/CVE-2026-24110 at main · akuma-QAQ/CVEreport · GitHub
url: https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24110

Trust: 0.8

sources: JVNDB: JVNDB-2026-005971

EXTERNAL IDS

db: NVD, id: CVE-2026-24110

Trust: 2.6

db: JVNDB, id: JVNDB-2026-005971

Trust: 0.8

sources: JVNDB: JVNDB-2026-005971 // NVD: CVE-2026-24110

REFERENCES

url:https://www.tenda.com.cn/material/show/2707

Trust: 1.8

url:https://github.com/akuma-qaq/cvereport/tree/main/d-link/cve-2026-24110

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-24110

Trust: 0.8

sources: JVNDB: JVNDB-2026-005971 // NVD: CVE-2026-24110

SOURCES

db: JVNDB, id: JVNDB-2026-005971
db: NVD, id: CVE-2026-24110

LAST UPDATE DATE

2026-03-07T23:34:14.871000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2026-005971, date: 2026-03-05T02:50:00
db: NVD, id: CVE-2026-24110, date: 2026-03-03T15:51:55.637

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2026-005971, date: 2026-03-05T00:00:00
db: NVD, id: CVE-2026-24110, date: 2026-03-02T16:16:24.547