CVE-2026-24112

Name of the Vulnerable Software and Affected Versions Tenda W20E version 4.0br V15.11.0.6

Description A buffer overflow issue exists in the addWewifiWhiteUser function of Tenda W20E routers. The issue is related to out-of-bounds write access within the userInfo parameter. Exploitation could allow a remote attacker to execute arbitrary commands. The addWewifiWhiteUser function processes the userInfo variable using sscanf without proper size validation, leading to the buffer overflow.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the addWewifiWhiteUser function until a patch is available.