26 matches found
EUVD-2026-24163
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2026-38835
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
Tenda W30E 安全漏洞
The Tenda W30E is a router produced by the Chinese company Tenda. The Tenda W30E V2.0 V16.01.0.21 version contains a security vulnerability. This vulnerability stems from improper validation of the usbPartitionName parameter in the formSetUSBPartitionUmount function, which may lead to command...
CVE-2026-38835
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2026-38835
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2026-24107
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...
CVE-2026-24107
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...
CVE-2026-24107
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...
CVE-2026-24107
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...
CVE-2026-24107
The CVE-2026-24107 entry concerns Tenda W20E firmware (V4.0br_V15.11.0.6) where an unvalidated usbPartitionName value is used directly in doSystemCmd, enabling command injection. Affected software: Tenda W20E router firmware. Root cause: lack of validation of the usbPartitionName parameter before...
Tenda W20E 安全漏洞
The Tenda W20E is a router produced by the Chinese company Tenda. The Tenda W20E V4.0brV15.11.0.6 version contains a security vulnerability. This vulnerability stems from the unvalidated use of the usbPartitionName parameter, which may lead to key command injection...
PT-2026-22594
Name of the Vulnerable Software and Affected Versions Tenda W20E version 4.0br V15.11.0.6 Description A command injection issue exists in the Tenda W20E router firmware. The firmware does not properly validate the usbPartitionName variable before using it within the doSystemCmd function. This can...
EUVD-2026-9180
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...
CVE-2026-25603
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context o...
EUVD-2021-14434
Malware in sbrugna...
EUVD-2023-53894
Malicious code in bioql PyPI...
The vulnerability of the formSetUSBPartitionUmount function in the wireless access point software Tenda G3 allows a intruder to execute arbitrary commands.
The vulnerability of the formSetUSBPartitionUmount function in the wireless access point Tenda G3 software is related to the lack of measures taken to neutralize special elements during the processing of the usbPartitionName parameter. Exploiting this vulnerability allows a remote attacker to...
Tenda G3 命令注入漏洞
Tenda G3 is a Qos Vpn router from Tenda China. Tenda G3 suffers from a command injection vulnerability, which stems from the formSetUSBPartitionUmount function failing to properly filter constructor command special characters, commands, etc. The vulnerability can be exploited to execute arbitrary...
The vulnerability of the formSetUSBPartitionUmount function in the wireless access point software Tenda G3 allows a intruder to execute arbitrary code.
The vulnerability of the formSetUSBPartitionUmount function in the wireless access point software Tenda G3 is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
PT-2024-9598 · Tenda · Tenda G3
Name of the Vulnerable Software and Affected Versions: Tenda G3 version 3.0 v15.11.0.20 Description: The issue is related to the formSetUSBPartitionUmount function of the Tenda G3 wireless access point's firmware, which fails to neutralize special elements when processing the usbPartitionName...