top of page
perceptive_background_267k.jpg

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function a…

Published:

1 maart 2026 om 23:00:00

Alert date:

2 maart 2026 om 21:08:05

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Mobile & IoT

A buffer overflow vulnerability was discovered in Tenda W20E router firmware V15.11.0.6. The vulnerability exists in the addDhcpRule function where attackers can send overly long addDhcpRules data. The sscanf function processes this data without proper size validation, leading to buffer overflows in dhcpsIndex, dhcpsIP, and dhcpsMac variables. This lack of input validation could allow attackers to exploit the DHCP rule processing functionality.

Technical details

Mitigation steps:

Affected products:

Tenda W20E

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-24110
https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24110
https://www.tenda.com.cn/material/show/2707

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page