Tenda W20E Buffer Overflow Vulnerability in WiFi Filter Rules Modification

Vulnerability

A buffer overflow vulnerability has been identified in the Tenda W20E router, specifically in the version V4.0br_V15.11.0.6. The issue arises in the 'goform/formWifiFilterRulesModify' component, where attackers can manipulate the 'nptr' value. This value is then passed to the 'getMibPrefix' function and concatenated using 'sprintf' without adequate size validation, potentially leading to memory corruption.

Impact

Exploitation of this vulnerability can result in a buffer overflow, which may allow for arbitrary code execution or causing a denial-of-service condition on the device.

Added: Mar 2, 2026, 3:22 PM

Updated: Mar 2, 2026, 9:57 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

1.3

exploitability

7.8

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

1.3

exploitability

7.8

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda W20E Buffer Overflow Vulnerability in WiFi Filter Rules Modification

Vulnerability

Impact

Affected Products

Tenda W20E

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating