CVE-2026-11523
HighCVSS 8.8Summary
A flaw has been found in Tenda W20E version 15.11.0.6 affecting the function formPortalAuth of the file /goform/PortalAuth in the Web Management Interface. Manipulating the argument gotoUrl can lead to stack-based buffer overflow.
Risk Assessment
An attacker can remotely exploit this vulnerability, posing a serious threat to the security of the device and the network it resides in.
Recommendation
It is recommended to update the device firmware to the latest version to mitigate this vulnerability and to monitor logs for potential attack attempts.
Original NVD description (English source)
A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.

