PatchSiren cyber security CVE debrief
CVE-2026-11524 Tenda CVE debrief
A vulnerability has been found in Tenda W20E 15.11.0.6. The function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Management Interface is impacted. The manipulation of the argument wifiFilterListRemark leads to a stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
- Vendor
- Tenda
- Product
- W20E
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-09
Who should care
Administrators and users of Tenda W20E 15.11.0.6 devices should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability has a CVSS score of 7.4 and is classified as HIGH severity. It is related to CWE-119 and CWE-121 weaknesses.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Restrict access to the Web Management Interface to trusted users only.
- Monitor network traffic and system logs for suspicious activity.
Evidence notes
The vulnerability was reported by an unknown vendor and has been documented in various sources, including Vuldb and NVD.
Official resources
CVE-2026-11524 was published on 2026-06-08T16:16:37.293Z and modified on 2026-06-09T01:34:33.987Z.