Security Advisory

CVE-2026-24110

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-02 00:00:00

Last updated 2026-03-02 16:07:39

Assigner mitre

State PUBLISHED

Description

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function and are processed by `ret = sscanf(pRule, " %dt%[^t]t%[^nrt]", &dhcpsIndex, dhcpsIP, dhcpsMac);`, the lack of size validation for the rules could lead to buffer overflows in `dhcpsIndex`, `dhcpsIP`, and `dhcpsMac`.

← Browse all CVEs View on cve.org ↗