211 matches found
CVE-2026-24113
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by controlling the value of nptr. When this value is passed into the getMibPrefix function and concatenated using sprintf without proper size validation, it could lead to a buffer overflow vulnerabilit...
CVE-2026-24111
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addAuthUser function and processed by sscanf without size validation, it could lead to buffer overflow...
CVE-2026-24115
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the sizes of gstup and gstdwn before concatenating them into gstruleQos may lead to buffer overflow...
CVE-2026-24108
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by controlling the value of nptr. When this value is passed into the getMibPrefix function and concatenated using sprintf without proper size validation, it could lead to a buffer overflow vulnerabilit...
CVE-2026-24109
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by controlling the value of picName. When this value is used in sprintf without validating variable sizes, it could lead to a buffer overflow vulnerability...
CVE-2026-24112
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addWewifiWhiteUser function and processed by sscanf without size validation, it could lead to a buffer overflow vulnerability...
CVE-2026-24110
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may send overly long addDhcpRules data. When these rules enter the addDhcpRule function and are processed by ret = sscanfpRule, " %d\t%^\t\t%^\n\r\t", , dhcpsIP, dhcpsMac;, the lack of size validation for the rules could lead to...
CVE-2026-24114
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate pPortMapIndex may lead to buffer overflows when using strcpy...
CVE-2026-24107
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...
CVE-2026-24112
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addWewifiWhiteUser function and processed by sscanf without size validation, it could lead to a buffer overflow vulnerability...
CVE-2026-24112
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addWewifiWhiteUser function and processed by sscanf without size validation, it could lead to a buffer overflow vulnerability...
CVE-2026-24110
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may send overly long addDhcpRules data. When these rules enter the addDhcpRule function and are processed by ret = sscanfpRule, " %d\t%^\t\t%^\n\r\t", &dhcpsIndex, dhcpsIP, dhcpsMac;, the lack of size validation for the rules could...
CVE-2026-24110
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may send overly long addDhcpRules data. When these rules enter the addDhcpRule function and are processed by ret = sscanfpRule, " %d\t%^\t\t%^\n\r\t", &dhcpsIndex, dhcpsIP, dhcpsMac;, the lack of size validation for the rules could...
CVE-2026-24109
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by controlling the value of picName. When this value is used in sprintf without validating variable sizes, it could lead to a buffer overflow vulnerability...
CVE-2026-24115
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the sizes of gstup and gstdwn before concatenating them into gstruleQos may lead to buffer overflow...
CVE-2026-24109
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by controlling the value of picName. When this value is used in sprintf without validating variable sizes, it could lead to a buffer overflow vulnerability...
CVE-2026-24107
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...
CVE-2026-24114
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate pPortMapIndex may lead to buffer overflows when using strcpy...
CVE-2026-24114
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate pPortMapIndex may lead to buffer overflows when using strcpy...
CVE-2026-24111
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addAuthUser function and processed by sscanf without size validation, it could lead to buffer overflow...