19 matches found
CVE-2026-38835
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2026-38835
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2026-38835
CVE-2026-38835 affects the Tenda W30E router (V2.0, V16.01.0.21). The bug is a command injection in the formSetUSBPartitionUmount function via the usbPartitionName parameter, enabling an attacker to execute arbitrary commands through a crafted request. Metrics indicate a critical impact (CVSS v3....
Tenda W30E 安全漏洞
The Tenda W30E is a router produced by the Chinese company Tenda. The Tenda W30E V2.0 V16.01.0.21 version contains a security vulnerability. This vulnerability stems from improper validation of the usbPartitionName parameter in the formSetUSBPartitionUmount function, which may lead to command...
CVE-2024-50852
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function...
CVE-2024-50852
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function...
CVE-2024-50852
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function...
CVE-2024-50852
CVE-2024-50852 affects Tenda G3, version 3.0 v15.11.0.20. The vulnerability is a command injection in the formSetUSBPartitionUmount function, arising because usbPartitionName handling fails to neutralize special characters/commands. Impact: allows a remote attacker to execute arbitrary commands. ...
Tenda G3 命令注入漏洞
Tenda G3 is a Qos Vpn router from Tenda China. Tenda G3 suffers from a command injection vulnerability, which stems from the formSetUSBPartitionUmount function failing to properly filter constructor command special characters, commands, etc. The vulnerability can be exploited to execute arbitrary...
CVE-2024-50852
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function...
CVE-2024-50852
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function...
CVE-2024-46628
Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution RCE vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function...
CVE-2022-45717
IP-COM M50 V15.11.0.3310768 was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited via a crafted GET request...
CVE-2022-45717
IP-COM M50 V15.11.0.3310768 was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited via a crafted GET request...
Command injection
IP-COM M50 V15.11.0.3310768 was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited via a crafted GET request...
CVE-2022-45717
CVE-2022-45717 affects IP-COM M50 firmware (V15.11.0.33(10768)). The issue is a command injection in the USB partition handling via the usbPartitionName parameter in the formSetUSBPartitionUmount function, exploitable by a crafted GET request. Public documents indicate high-severity impact (CVE w...
IP-COM M50 操作系统命令注入漏洞
The IP-COM M50 is a wireless router from IP-COM USA. An operating system command injection vulnerability exists in IP-COM M50 version V15.11.0.3310768, which stems from the discovery of a contained command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount...
PT-2022-27630 · Ip Com · Ip-Com M50
Name of the Vulnerable Software and Affected Versions: IP-COM M50 version 15.11.0.3310768 Description: The issue is related to a command injection vulnerability. It can be exploited via a crafted GET request to the formSetUSBPartitionUmount function, specifically through the usbPartitionName...
CVE-2021-27692
Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.179502CN or v15.11.0.169024CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount" function executes the...