{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-24109", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-05T15:52:58.464Z", "dateReserved": "2026-01-21T00:00:00.000Z", "datePublished": "2026-03-02T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-02T14:32:45.511Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating variable sizes, it could lead to a buffer overflow vulnerability."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.tenda.com.cn/material/show/2707"}, {"url": "https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24109"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "references": [{"url": "https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24109", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-05T15:51:18.946895Z", "id": "CVE-2026-24109", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T15:52:58.464Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-24109", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-05T15:51:18.946895Z"}}}], "references": [{"url": "https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24109", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T15:52:24.329Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.tenda.com.cn/material/show/2707"}, {"url": "https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24109"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating variable sizes, it could lead to a buffer overflow vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-02T14:32:45.511Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24109", "state": "PUBLISHED", "dateUpdated": "2026-03-05T15:52:58.464Z", "dateReserved": "2026-01-21T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-02T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:w20e_firmware:15.11.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "31C1283D-8DCF-49C0-92FF-34CF842D00BF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:w20e:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A09E3911-CF3F-4C15-8EF9-5AA8EEA0FC21", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating variable sizes, it could lead to a buffer overflow vulnerability."}], "id": "CVE-2026-24109", "lastModified": "2026-03-05T16:16:15.307", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-02T15:16:33.330", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24109"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.tenda.com.cn/material/show/2707"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24109"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "V4.0br_V15.11.0.6"}}], "enrichment": {"confidence": 75.0, "confidence_source": "inferred", "scores": [{"score": 75.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "w20e", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-04-17T13:43:24.125123+00:00", "value": {"mitigation_remediation": ["Apply the latest Tenda firmware update that addresses the picName buffer overflow.", "If an update is not immediately available, disable or restrict remote management interfaces that allow modification of the picName parameter, such as disabling the web administration or API services that expose this input.", "Limit access to the router\u2019s management interfaces to trusted IP addresses only, using network segmentation or firewall rules to reduce the attack surface.", "Monitor router logs for unexpected or malformed picName inputs and set up alerts for suspicious activity."], "summary": {"action": "Immediate Patch", "impact": "Remote code execution"}, "threat_synthesis": {"affected_systems": "The affected system is the Tenda W20E wireless router running firmware build 4.0br V15.11.0.6. Only that firmware version is known to contain the flaw.", "description_and_impact": "Tenda W20E firmware V4.0br_V15.11.0.6 contains a buffer overflow that can be triggered by specifying an overly long value for the parameter picName when it is passed to sprintf without length checks. If an attacker can control this input, the overflow can overwrite adjacent memory and allow execution of arbitrary code, compromising the integrity and confidentiality of the device and the network it supports.", "risk_and_exploitability": "The flaw is scored CVSS 9.8, placing it in the Critical severity range. The EPSS score is below 1\u202f%, indicating a very low current exploitation probability, and the issue is not listed in the CISA KEV catalog. Although the official attack vector is not explicitly disclosed, it is inferred that an attacker needs to send a crafted request containing the picName parameter, suggesting a remote or network\u2011based exploitation scenario. The primary impact is the potential for arbitrary code execution on the affected router."}}}}, "created": "2026-03-03T08:46:39.498519+00:00", "title": "Buffer Overflow in Tenda W20E W20E Router via picName Parameter", "updated": "2026-04-17T13:45:16.034948+00:00", "vendors": ["tenda", "tenda$PRODUCT$w20e"]}