Tenda: >> W20e Firmware Security Vulnerabilities
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
6.3
EPSS Score
0.136
Published
2025-05-01
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
6.3
EPSS Score
0.136
Published
2025-05-01
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
6.3
EPSS Score
0.136
Published
2025-05-01
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
6.3
EPSS Score
0.136
Published
2025-05-01
A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as critical. This vulnerability affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260908. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-04-16
Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function formIPMacBindModify.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-03-19
Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via function formSetSysTime,
CVSS Score
9.8
EPSS Score
0.001
Published
2023-03-19
Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-02
Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output.
CVSS Score
7.2
EPSS Score
0.006
Published
2022-12-12
Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-12-12
Page 1