A vulnerability was found in Tenda W20E 15.11.0.6 and classified as critical . This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface . Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. This vulnerability is tracked as CVE-2026-11523 . The attack can be launched remotely. Moreover, an exploit is present.