top of page
perceptive_background_267k.jpg

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function a…

Published:

1 March 2026 at 23:00:00

Alert date:

2 March 2026 at 18:02:45

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Mobile & IoT

A buffer overflow vulnerability was discovered in Tenda W20E router firmware version V15.11.0.6. The vulnerability exists in the addDhcpRule function where attackers can send overly long addDhcpRules data. The sscanf function processes this data without proper size validation, leading to buffer overflows in dhcpsIndex, dhcpsIP, and dhcpsMac variables. This could allow attackers to exploit the router's DHCP functionality to cause memory corruption.

Technical details

Mitigation steps:

Affected products:

Tenda W20E

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-24110
https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24110
https://www.tenda.com.cn/material/show/2707

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page