Details of VAR-202603-0162

ID

VAR-202603-0162

CVE

CVE-2026-24115

TITLE

Shenzhen Tenda Technology Co.,Ltd. of W20E Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-005966

DESCRIPTION

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them into `gstruleQos` may lead to buffer overflow. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-24115 // JVNDB: JVNDB-2026-005966

AFFECTED PRODUCTS

vendor:	tenda	model:	w20e	scope:	eq	version:	15.11.0.6	Trust: 1.0
vendor:	tenda	model:	w20e	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	w20e	scope:	eq	version:	w20e firmware 15.11.0.6	Trust: 0.8
vendor:	tenda	model:	w20e	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-005966 // NVD: CVE-2026-24115

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2026-24115
value:	CRITICAL
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2026-24115
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2026-24115
value:	CRITICAL
Trust: 0.8

nvd@nist.gov:	CVE-2026-24115
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2026-24115
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-005966 // NVD: CVE-2026-24115 // NVD: CVE-2026-24115

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-005966 // NVD: CVE-2026-24115

PATCH

title:

CVEreport/D-link/CVE-2026-24115 at main akuma-QAQ/CVEreport GitHub

url:

https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24115

Trust: 0.8

sources: JVNDB: JVNDB-2026-005966

EXTERNAL IDS

db:	NVD	id:	CVE-2026-24115	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-005966	Trust: 0.8

sources: JVNDB: JVNDB-2026-005966 // NVD: CVE-2026-24115

REFERENCES

url:	https://www.tenda.com.cn/material/show/2707	Trust: 1.8
url:	https://github.com/akuma-qaq/cvereport/tree/main/d-link/cve-2026-24115	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-24115	Trust: 0.8

sources: JVNDB: JVNDB-2026-005966 // NVD: CVE-2026-24115

SOURCES

db:	JVNDB	id:	JVNDB-2026-005966
db:	NVD	id:	CVE-2026-24115

LAST UPDATE DATE

2026-03-07T23:59:06.737000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-005966	date:	2026-03-05T02:50:00
db:	NVD	id:	CVE-2026-24115	date:	2026-03-03T21:15:58.057

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-005966	date:	2026-03-05T00:00:00
db:	NVD	id:	CVE-2026-24115	date:	2026-03-02T15:16:33.977