PT-2026-22610 · Tenda · Tenda W20E

Akuma-Qaq · Published 2026-03-02 · Updated 2026-03-07 · CVE-2026-24110

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Tenda W20E version 4.0br V15.11.0.6

Description

A buffer overflow exists in the Tenda W20E. It is caused by insufficient size validation when processing overly long addDhcpRules data. The vulnerable function, addDhcpRule, parses each rule with sscanf using the format string " %dt%[^t]t%[^ rt]", and the lack of validation for dhcpsIndex, dhcpsIP, and dhcpsMac can lead to buffer overflows.

Recommendations

Update to a newer version that contains a fix for this vulnerability.
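
The following C sketch is an added example, not code from the Tenda firmware or from this advisory: it contrasts an unbounded sscanf call of the kind described above with a width-limited form that rejects over-long fields instead of truncating them. The buffer sizes, struct and function names are assumptions, as are the \t, \n and \r escapes in the format string, which the advisory text shows without backslashes.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer sizes; the firmware's real sizes are not given in the advisory. */
#define IP_MAX  16  /* "255.255.255.255" + NUL */
#define MAC_MAX 18  /* "AA:BB:CC:DD:EE:FF" + NUL */

struct dhcp_rule { int index; char ip[IP_MAX]; char mac[MAC_MAX]; };

/* Pattern of the kind the advisory describes, shown for contrast only:
 * %[...] without a field width copies as many bytes as the input supplies,
 * regardless of the destination size. Escapes (\t, \n, \r) are assumed. */
int parse_rule_unbounded(const char *rule, struct dhcp_rule *out)
{
    return sscanf(rule, " %d\t%[^\t]\t%[^\n\r\t]",
                  &out->index, out->ip, out->mac);
}

/* Hardened form: every conversion carries a width of sizeof-1, and %n
 * offsets prove each field ended at its delimiter rather than at the width
 * limit, so over-long input is rejected instead of silently split. */
int parse_rule_bounded(const char *rule, struct dhcp_rule *out)
{
    int n0 = 0, n1 = 0, n2 = 0;

    memset(out, 0, sizeof *out);
    if (sscanf(rule, " %9d%n\t%15[^\t]%n\t%17[^\n\r\t]%n",
               &out->index, &n0, out->ip, &n1, out->mac, &n2) != 3)
        return -1;                       /* missing or empty field */
    if (rule[n0] != '\t' || rule[n1] != '\t')
        return -1;                       /* index or IP hit its width limit */
    if (rule[n2] != '\0' && rule[n2] != '\n' && rule[n2] != '\r')
        return -1;                       /* MAC hit its width limit */
    return out->index >= 0 ? 0 : -1;     /* negative index treated as invalid (assumption) */
}

int main(void)
{
    struct dhcp_rule r;
    /* Constructed sample rule, not captured from a device. */
    int rc = parse_rule_bounded("1\t192.168.0.50\tAA:BB:CC:DD:EE:FF", &r);
    printf("rc=%d index=%d ip=%s mac=%s\n", rc, r.index, r.ip, r.mac);
    return rc;
}
```
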

Exploit

Fix

Buffer Overflow


Weakness Enumeration

Related identifiers

CVE-2026-24110

Affected products

Tenda W20E