PatchSiren cyber security CVE debrief
CVE-2026-11522 Tenda CVE debrief
A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
- Vendor
- Tenda
- Product
- W20E
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-09
Who should care
Administrators and users of Tenda W20E 15.11.0.6 are advised to take immediate action to mitigate this vulnerability.
Technical summary
The vulnerability has a CVSS score of 7.4 and is classified as HIGH severity. It is caused by a stack-based buffer overflow in the formSetPortMirror function of the /goform/setPortMirror file. The vulnerability can be exploited remotely.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Restrict access to the /goform/setPortMirror file to prevent unauthorized manipulation.
- Monitor network traffic for suspicious activity related to the vulnerability.
Evidence notes
The vulnerability was detected in Tenda W20E 15.11.0.6 and affects the formSetPortMirror function of the /goform/setPortMirror file.
Official resources
CVE-2026-11522 was published on 2026-06-08T16:16:36.920Z and modified on 2026-06-09T01:34:33.987Z.