W20e Firmware

w20e_firmware

Vendor: Tenda • 23 CVEs

CVEs (23)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-24112 1Tenda 1W20e Firmware Mar 3, 2026 Mar 2, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function and processed by `s...Show more An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function and processed by `sscanf` without size validation, it could lead to a buffer overflow vulnerability.Show less
CVE-2026-24110 1Tenda 1W20e Firmware Mar 3, 2026 Mar 2, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function and are processed by `ret = sscanf(pRule, " %d\t%[^\t]\t%[^\n...Show more An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function and are processed by `ret = sscanf(pRule, " %d\t%[^\t]\t%[^\n\r\t]", &dhcpsIndex, dhcpsIP, dhcpsMac);`, the lack of size validation for the rules could lead to buffer overflows in `dhcpsIndex`, `dhcpsIP`, and `dhcpsMac`.Show less
CVE-2026-24115 1Tenda 1W20e Firmware Mar 3, 2026 Mar 2, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them into `gstruleQos` may lead to buffer overflow.
CVE-2026-24114 1Tenda 1W20e Firmware Mar 3, 2026 Mar 2, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pPortMapIndex` may lead to buffer overflows when using `strcpy`.
CVE-2026-24113 1Tenda 1W20e Firmware Mar 5, 2026 Mar 2, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `spri...Show more An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a buffer overflow vulnerability.Show less
CVE-2026-24111 1Tenda 1W20e Firmware Mar 5, 2026 Mar 2, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addAuthUser` function and processed by `sscanf`...Show more An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addAuthUser` function and processed by `sscanf` without size validation, it could lead to buffer overflow.Show less
CVE-2026-24109 1Tenda 1W20e Firmware Mar 5, 2026 Mar 2, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating variable sizes, it could lea...Show more An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating variable sizes, it could lead to a buffer overflow vulnerability.Show less
CVE-2026-24108 1Tenda 1W20e Firmware Mar 3, 2026 Mar 2, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `spri...Show more An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a buffer overflow vulnerability.Show less
CVE-2026-24107 1Tenda 1W20e Firmware Mar 3, 2026 Mar 2, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead to critical command injection vulnerabilities.
CVE-2025-44867 1Tenda 1W20e Firmware May 27, 2025 May 1, 2025 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafte...Show more Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.Show less
CVE-2025-44866 1Tenda 1W20e Firmware May 27, 2025 May 1, 2025 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted reques...Show more Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.Show less
CVE-2025-44865 1Tenda 1W20e Firmware May 27, 2025 May 1, 2025 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted reque...Show more Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.Show less
CVE-2025-44864 1Tenda 1W20e Firmware May 27, 2025 May 1, 2025 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted reque...Show more Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.Show less
CVE-2024-3874 1Tenda 1W20e Firmware Mar 6, 2025 Apr 16, 2024 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as critical. This vulnerability affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument...Show more A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as critical. This vulnerability affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260908. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-26806 1Tenda 1W20e Firmware Feb 27, 2025 Mar 19, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via function formSetSysTime,
CVE-2023-26805 1Tenda 1W20e Firmware Feb 27, 2025 Mar 19, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function formIPMacBindModify.
CVE-2022-48130 1Tenda 1W20e Firmware Mar 26, 2025 Feb 2, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN.
CVE-2022-45997 1Tenda 1W20e Firmware Apr 22, 2025 Dec 12, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow.
CVE-2022-45996 1Tenda 1W20e Firmware Apr 22, 2025 Dec 12, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output.
CVE-2022-40868 1Tenda 1W20e Firmware May 22, 2025 Sep 23, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/

12 Next