CVE-2026-38835

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

Tenda W30E 安全漏洞

The Tenda W30E is a router produced by the Chinese company Tenda. The Tenda W30E V2.0 V16.01.0.21 version contains a security vulnerability. This vulnerability stems from improper validation of the usbPartitionName parameter in the formSetUSBPartitionUmount function, which may lead to command...

CVE-2026-38835

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

PT-2026-34017

Name of the Vulnerable Software and Affected Versions Tenda W30E version V2.0 V16.01.0.21 Description The formSetUSBPartitionUmount function fails to properly neutralize special elements when processing the usbPartitionName parameter. This allows a remote attacker to execute arbitrary commands by...

CVE-2026-24107

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...

CVE-2026-24107

CVE-2026-24107 affects Tenda W20E (firmware V4.0br_V15.11.0.6). The issue is failure to validate usbPartitionName, which is directly used by doSystemCmd, potentially enabling command injection. No exploits, access vectors, or remediation details are provided in the supplied documents. Exploitatio...

CVE-2026-24107

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...

EUVD-2026-9180

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...

CVE-2026-24107

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...

PT-2026-22594

Name of the Vulnerable Software and Affected Versions Tenda W20E version 4.0br V15.11.0.6 Description A command injection issue exists in the Tenda W20E router firmware. The firmware does not properly validate the usbPartitionName variable before using it within the doSystemCmd function. This can...

CVE-2026-24107

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...

EUVD-2018-3987

Malware in sbrugna...

The vulnerability of the formSetUSBPartitionUmount function in the wireless access point software Tenda G3 allows a intruder to execute arbitrary commands.

The vulnerability of the formSetUSBPartitionUmount function in the wireless access point Tenda G3 software is related to the lack of measures taken to neutralize special elements during the processing of the usbPartitionName parameter. Exploiting this vulnerability allows a remote attacker to...

PT-2024-9598 · Tenda · Tenda G3

Name of the Vulnerable Software and Affected Versions: Tenda G3 version 3.0 v15.11.0.20 Description: The issue is related to the formSetUSBPartitionUmount function of the Tenda G3 wireless access point's firmware, which fails to neutralize special elements when processing the usbPartitionName...

CVE-2024-46628

Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution RCE vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function...

Tenda G3 安全漏洞

Tenda G3 is a Qos Vpn router from Tenda China. A code execution vulnerability exists in Tenda G3 version 15.03.05.05, which stems from the usbPartitionName parameter in the formSetUSBPartitionUmount function failing to properly filter the special elements of the constructor segment. An attacker c...

PT-2024-7348 · Tenda · Tenda Routers G3

Name of the Vulnerable Software and Affected Versions: Tenda G3 Router firmware version 15.03.05.05 Description: The issue is related to a remote code execution vulnerability in the Tenda G3 Router firmware. This vulnerability can be exploited via the usbPartitionName parameter in the...

CVE-2022-45717

IP-COM M50 V15.11.0.3310768 was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited via a crafted GET request...

CVE-2018-11995

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, a partition name-check variable is not reset for every iteration which may cause improper termination in the META image...

CVE-2017-11007

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of stack corruption due to buffer overflow of Partition name while converting ascii string to unicode string in function HandleMetaImgFlash...