CVE Catalog

CVE-2026-11523

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Summary

A flaw has been found in Tenda W20E version 15.11.0.6 affecting the function formPortalAuth of the file /goform/PortalAuth in the Web Management Interface. Manipulating the argument gotoUrl can lead to stack-based buffer overflow.

Risk Assessment

An attacker can remotely exploit this vulnerability, posing a serious threat to the security of the device and the network it resides in.

Recommendation

It is recommended to update the device firmware to the latest version to mitigate this vulnerability and to monitor logs for potential attack attempts.

Original NVD description (English source)

A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS