Lucene search
K

15 matches found

Cvelist
Cvelist
added 2026/04/21 12:0 a.m.36 views

CVE-2026-38835

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

0.0215EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.11 views

Tenda W30E 安全漏洞

The Tenda W30E is a router produced by the Chinese company Tenda. The Tenda W30E V2.0 V16.01.0.21 version contains a security vulnerability. This vulnerability stems from improper validation of the usbPartitionName parameter in the formSetUSBPartitionUmount function, which may lead to command...

9.8CVSS5.8AI score0.0215EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/21 12:0 a.m.4 views

CVE-2026-38835

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

6.1AI score0.0215EPSS
Exploits1References1
NVD
NVD
added 2026/03/02 3:16 p.m.5 views

CVE-2026-24107

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...

9.8CVSS0.02161EPSS
Exploits1References2
CVE
CVE
added 2026/03/02 12:0 a.m.15 views

CVE-2026-24107

The CVE-2026-24107 entry concerns Tenda W20E firmware (V4.0br_V15.11.0.6) where an unvalidated usbPartitionName value is used directly in doSystemCmd, enabling command injection. Affected software: Tenda W20E router firmware. Root cause: lack of validation of the usbPartitionName parameter before...

9.8CVSS6AI score0.02161EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/02 12:0 a.m.33 views

CVE-2026-24107

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...

0.02161EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/02 12:0 a.m.8 views

EUVD-2026-9180

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...

6AI score0.02161EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.4 views

PT-2026-22594

Name of the Vulnerable Software and Affected Versions Tenda W20E version 4.0br V15.11.0.6 Description A command injection issue exists in the Tenda W20E router firmware. The firmware does not properly validate the usbPartitionName variable before using it within the doSystemCmd function. This can...

10CVSS6.2AI score0.02161EPSS
Exploits1References10
Vulnrichment
Vulnrichment
added 2026/03/02 12:0 a.m.3 views

CVE-2026-24107

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...

6AI score0.02161EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/02 12:0 a.m.3 views

CVE-2026-24107

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...

9.8CVSS6AI score0.02161EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2024/12/19 12:0 a.m.5 views

The vulnerability of the formSetUSBPartitionUmount function in the wireless access point software Tenda G3 allows a intruder to execute arbitrary commands.

The vulnerability of the formSetUSBPartitionUmount function in the wireless access point Tenda G3 software is related to the lack of measures taken to neutralize special elements during the processing of the usbPartitionName parameter. Exploiting this vulnerability allows a remote attacker to...

8.8CVSS6AI score0.01642EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/30 12:0 a.m.9 views

PT-2024-9598 · Tenda · Tenda G3

Name of the Vulnerable Software and Affected Versions: Tenda G3 version 3.0 v15.11.0.20 Description: The issue is related to the formSetUSBPartitionUmount function of the Tenda G3 wireless access point's firmware, which fails to neutralize special elements when processing the usbPartitionName...

8.8CVSS8.6AI score0.01642EPSS
Exploits1References7
OSV
OSV
added 2024/09/26 8:15 p.m.3 views

CVE-2024-46628

Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution RCE vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function...

9.8CVSS6.3AI score0.11348EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.5 views

PT-2024-7348 · Tenda · Tenda Routers G3

Name of the Vulnerable Software and Affected Versions: Tenda G3 Router firmware version 15.03.05.05 Description: The issue is related to a remote code execution vulnerability in the Tenda G3 Router firmware. This vulnerability can be exploited via the usbPartitionName parameter in the...

9.8CVSS8.4AI score0.11348EPSS
Exploits1References8
OSV
OSV
added 2022/12/23 7:15 p.m.5 views

CVE-2022-45717

IP-COM M50 V15.11.0.3310768 was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited via a crafted GET request...

9.8CVSS5.8AI score0.04253EPSS
Exploits0References2
Rows per page
Query Builder