16 matches found
CVE-2026-38835
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2026-38835
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2026-38835
CVE-2026-38835 affects the Tenda W30E router (V2.0, V16.01.0.21). The bug is a command injection in the formSetUSBPartitionUmount function via the usbPartitionName parameter, enabling an attacker to execute arbitrary commands through a crafted request. Metrics indicate a critical impact (CVSS v3....
CVE-2026-24107
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...
CVE-2026-24107
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...
EUVD-2022-48576
Malicious code in bioql PyPI...
CVE-2024-46628
Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution RCE vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function...
CVE-2022-45717
IP-COM M50 V15.11.0.3310768 was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited via a crafted GET request...
Tenda G3 Code Execution Vulnerability
Tenda G3 is a Qos Vpn router from Tenda China. A code execution vulnerability exists in Tenda G3 version 15.03.05.05, which stems from the usbPartitionName parameter in the formSetUSBPartitionUmount function failing to properly filter the special elements of the constructor segment. An attacker c...
CVE-2024-46628
Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution RCE vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function...
CVE-2024-46628
Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution RCE vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function...
CVE-2022-45717
IP-COM M50 V15.11.0.3310768 was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited via a crafted GET request...
Command injection
IP-COM M50 V15.11.0.3310768 was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited via a crafted GET request...
CVE-2022-45717
CVE-2022-45717 affects IP-COM M50 firmware (V15.11.0.33(10768)). The issue is a command injection in the USB partition handling via the usbPartitionName parameter in the formSetUSBPartitionUmount function, exploitable by a crafted GET request. Public documents indicate high-severity impact (CVE w...
IP-COM M50 操作系统命令注入漏洞
The IP-COM M50 is a wireless router from IP-COM USA. An operating system command injection vulnerability exists in IP-COM M50 version V15.11.0.3310768, which stems from the discovery of a contained command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount...
PT-2022-27630 · Ip Com · Ip-Com M50
Name of the Vulnerable Software and Affected Versions: IP-COM M50 version 15.11.0.3310768 Description: The issue is related to a command injection vulnerability. It can be exploited via a crafted GET request to the formSetUSBPartitionUmount function, specifically through the usbPartitionName...