Lucene search
K

21 matches found

Vulnrichment
Vulnrichment
added 2026/04/21 12:0 a.m.3 views

CVE-2026-38835

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

6.1AI score0.0215EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

Tenda W30E 安全漏洞

The Tenda W30E is a router produced by the Chinese company Tenda. The Tenda W30E V2.0 V16.01.0.21 version contains a security vulnerability. This vulnerability stems from improper validation of the usbPartitionName parameter in the formSetUSBPartitionUmount function, which may lead to command...

9.8CVSS5.8AI score0.0215EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/21 12:0 a.m.35 views

CVE-2026-38835

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

0.0215EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/28 12:0 a.m.11 views

PT-2026-34017

Name of the Vulnerable Software and Affected Versions Tenda W30E version V2.0 V16.01.0.21 Description The formSetUSBPartitionUmount function fails to properly neutralize special elements when processing the usbPartitionName parameter. This allows a remote attacker to execute arbitrary commands by...

9.8CVSS5.8AI score0.0215EPSS
Exploits1References5
NVD
NVD
added 2026/03/02 3:16 p.m.3 views

CVE-2026-24107

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...

9.8CVSS0.02161EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/02 12:0 a.m.2 views

CVE-2026-24107

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...

9.8CVSS6AI score0.02161EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/02 12:0 a.m.2 views

CVE-2026-24107

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...

6AI score0.02161EPSS
Exploits1References2
CVE
CVE
added 2026/03/02 12:0 a.m.13 views

CVE-2026-24107

The CVE-2026-24107 entry concerns Tenda W20E firmware (V4.0br_V15.11.0.6) where an unvalidated usbPartitionName value is used directly in doSystemCmd, enabling command injection. Affected software: Tenda W20E router firmware. Root cause: lack of validation of the usbPartitionName parameter before...

9.8CVSS6AI score0.02161EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/02 12:0 a.m.30 views

CVE-2026-24107

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...

0.02161EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/02 12:0 a.m.7 views

EUVD-2026-9180

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...

6AI score0.02161EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.3 views

PT-2026-22594

Name of the Vulnerable Software and Affected Versions Tenda W20E version 4.0br V15.11.0.6 Description A command injection issue exists in the Tenda W20E router firmware. The firmware does not properly validate the usbPartitionName variable before using it within the doSystemCmd function. This can...

10CVSS6.2AI score0.02161EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-3987

Malware in sbrugna...

7.8CVSS7.7AI score0.00202EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/12/19 12:0 a.m.4 views

The vulnerability of the formSetUSBPartitionUmount function in the wireless access point software Tenda G3 allows a intruder to execute arbitrary commands.

The vulnerability of the formSetUSBPartitionUmount function in the wireless access point Tenda G3 software is related to the lack of measures taken to neutralize special elements during the processing of the usbPartitionName parameter. Exploiting this vulnerability allows a remote attacker to...

8.8CVSS6AI score0.01642EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/30 12:0 a.m.7 views

PT-2024-9598 · Tenda · Tenda G3

Name of the Vulnerable Software and Affected Versions: Tenda G3 version 3.0 v15.11.0.20 Description: The issue is related to the formSetUSBPartitionUmount function of the Tenda G3 wireless access point's firmware, which fails to neutralize special elements when processing the usbPartitionName...

8.8CVSS8.6AI score0.01642EPSS
Exploits1References7
OSV
OSV
added 2024/09/26 8:15 p.m.3 views

CVE-2024-46628

Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution RCE vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function...

9.8CVSS6.3AI score0.1104EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/09/26 12:0 a.m.3 views

Tenda G3 安全漏洞

Tenda G3 is a Qos Vpn router from Tenda China. A code execution vulnerability exists in Tenda G3 version 15.03.05.05, which stems from the usbPartitionName parameter in the formSetUSBPartitionUmount function failing to properly filter the special elements of the constructor segment. An attacker c...

9.8CVSS8.3AI score0.1104EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.5 views

PT-2024-7348 · Tenda · Tenda Routers G3

Name of the Vulnerable Software and Affected Versions: Tenda G3 Router firmware version 15.03.05.05 Description: The issue is related to a remote code execution vulnerability in the Tenda G3 Router firmware. This vulnerability can be exploited via the usbPartitionName parameter in the...

9.8CVSS8.4AI score0.1104EPSS
Exploits1References8
OSV
OSV
added 2022/12/23 7:15 p.m.3 views

CVE-2022-45717

IP-COM M50 V15.11.0.3310768 was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited via a crafted GET request...

9.8CVSS5.8AI score0.04253EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/11/27 6:0 p.m.20 views

CVE-2018-11995

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, a partition name-check variable is not reset for every iteration which may cause improper termination in the META image...

7.5AI score0.00202EPSS
Exploits0References3
Prion
Prion
added 2017/12/05 7:29 p.m.16 views

Stack overflow

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of stack corruption due to buffer overflow of Partition name while converting ascii string to unicode string in function HandleMetaImgFlash...

7.2CVSS7.5AI score0.0017EPSS
Exploits0References2
Rows per page
Query Builder