CVE Catalog

CVE-2026-11522

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Summary

A vulnerability was detected in Tenda W20E version 15.11.0.6, affecting the function formSetPortMirror in the file /goform/setPortMirror. Manipulating the argument portMirrorMirroredPorts results in a stack-based buffer overflow.

Risk Assessment

An attacker can remotely exploit this vulnerability, potentially leading to device takeover or unauthorized code execution.

Recommendation

It is recommended to update the device firmware to the latest version to mitigate this vulnerability and to monitor logs for potential attack attempts.

Original NVD description (English source)

A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS