Sign-up

ID

VAR-202603-0161


CVE

CVE-2026-24114


TITLE

Shenzhen Tenda Technology Co.,Ltd. of W20E  Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-005967

DESCRIPTION

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pPortMapIndex` may lead to buffer overflows when using `strcpy`. `pPortMapIndex` Due to insufficient verification of `strcpy` When used, a buffer overflow may occur, which may compromise the security of your system.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-24114 // JVNDB: JVNDB-2026-005967

AFFECTED PRODUCTS

vendor:tendamodel:w20escope:eqversion:15.11.0.6

Trust: 1.0

vendor:tendamodel:w20escope:eqversion: -

Trust: 0.8

vendor:tendamodel:w20escope:eqversion:w20e firmware 15.11.0.6

Trust: 0.8

vendor:tendamodel:w20escope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-005967 // NVD: CVE-2026-24114

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2026-24114
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2026-24114
value: HIGH

Trust: 1.0

NVD: CVE-2026-24114
value: CRITICAL

Trust: 0.8

nvd@nist.gov: CVE-2026-24114
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2026-24114
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2026-24114
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-005967 // NVD: CVE-2026-24114 // NVD: CVE-2026-24114

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-005967 // NVD: CVE-2026-24114

PATCH

title:CVEreport/D-link/CVE-2026-24114 at main  akuma-QAQ/CVEreport  GitHuburl:https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24114

Trust: 0.8

sources: JVNDB: JVNDB-2026-005967

EXTERNAL IDS

db:NVDid:CVE-2026-24114

Trust: 2.6

db:JVNDBid:JVNDB-2026-005967

Trust: 0.8

sources: JVNDB: JVNDB-2026-005967 // NVD: CVE-2026-24114

REFERENCES

url:https://www.tenda.com.cn/material/show/2707

Trust: 1.8

url:https://github.com/akuma-qaq/cvereport/tree/main/d-link/cve-2026-24114

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-24114

Trust: 0.8

sources: JVNDB: JVNDB-2026-005967 // NVD: CVE-2026-24114

SOURCES

db:JVNDBid:JVNDB-2026-005967
db:NVDid:CVE-2026-24114

LAST UPDATE DATE

2026-03-07T23:39:40.758000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-005967date:2026-03-05T02:50:00
db:NVDid:CVE-2026-24114date:2026-03-03T20:16:47.607

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-005967date:2026-03-05T00:00:00
db:NVDid:CVE-2026-24114date:2026-03-02T15:16:33.810