Tenda

W20e Firmware

24 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2026-24115

Exploit
  • EPSS 0.69%
  • Veröffentlicht 02.03.2026 00:00:00
  • Zuletzt bearbeitet 03.03.2026 21:15:58

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them into `gstruleQos` may lead to buffer overflow.

9.8

CVE-2026-24108

Exploit
  • EPSS 0.65%
  • Veröffentlicht 02.03.2026 00:00:00
  • Zuletzt bearbeitet 03.03.2026 15:54:49

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size valid...

6.3

CVE-2025-44867

Exploit
  • EPSS 1.11%
  • Veröffentlicht 01.05.2025 00:00:00
  • Zuletzt bearbeitet 27.05.2025 16:31:11

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

6.3

CVE-2025-44866

Exploit
  • EPSS 1.11%
  • Veröffentlicht 01.05.2025 00:00:00
  • Zuletzt bearbeitet 27.05.2025 16:44:21

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

6.3

CVE-2025-44865

Exploit
  • EPSS 1.11%
  • Veröffentlicht 01.05.2025 00:00:00
  • Zuletzt bearbeitet 27.05.2025 16:44:28

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

6.3

CVE-2025-44864

Exploit
  • EPSS 1.11%
  • Veröffentlicht 01.05.2025 00:00:00
  • Zuletzt bearbeitet 27.05.2025 16:44:36

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

8.8

CVE-2024-3874

  • EPSS 1.31%
  • Veröffentlicht 16.04.2024 16:15:09
  • Zuletzt bearbeitet 06.03.2025 15:00:11

A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as critical. This vulnerability affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based...

9.8

CVE-2023-26806

Exploit
  • EPSS 0.93%
  • Veröffentlicht 19.03.2023 01:15:39
  • Zuletzt bearbeitet 27.02.2025 17:15:15

Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via function formSetSysTime,

9.8

CVE-2023-26805

Exploit
  • EPSS 0.93%
  • Veröffentlicht 19.03.2023 01:15:39
  • Zuletzt bearbeitet 27.02.2025 17:15:15

Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function formIPMacBindModify.

9.8

CVE-2022-48130

Exploit
  • EPSS 0.93%
  • Veröffentlicht 02.02.2023 21:22:46
  • Zuletzt bearbeitet 26.03.2025 19:15:20

Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN.