W20e Firmware Security Vulnerabilities and Issues — W20e Firmware CVE List

Lucene search

TendaW20e Firmware

14 matches found

CVE•added 2022/12/12 4:15 p.m.•63 views

CVE-2022-45996

Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output.

7.2CVSS7.2AI score0.00649EPSS

CVE•added 2022/09/23 3:15 p.m.•51 views

CVE-2022-40855

Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code Execution (RCE) via the portMappingServer, portMappingProtocol, portMappingWan,...

9.8CVSS9.7AI score0.34973EPSS

CVE•added 2022/12/12 4:15 p.m.•47 views

CVE-2022-45997

Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow.

7.2CVSS6.9AI score0.00092EPSS

CVE•added 2024/04/16 4:15 p.m.•47 views

CVE-2024-3874

A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as critical. This vulnerability affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. The attack can be initiated rem...

9CVSS8.7AI score0.00279EPSS

CVE•added 2022/09/23 3:15 p.m.•46 views

CVE-2022-40867

Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/

9.8CVSS9.5AI score0.0018EPSS

CVE•added 2025/05/01 6:15 p.m.•46 views

CVE-2025-44865

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

6.3CVSS8.3AI score0.13593EPSS

CVE•added 2025/05/01 6:15 p.m.•46 views

CVE-2025-44867

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

6.3CVSS8.3AI score0.13593EPSS

CVE•added 2025/05/01 6:15 p.m.•45 views

CVE-2025-44864

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

6.3CVSS8AI score0.13593EPSS

CVE•added 2023/03/19 1:15 a.m.•44 views

CVE-2023-26805

Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function formIPMacBindModify.

9.8CVSS9.3AI score0.00121EPSS

CVE•added 2025/05/01 6:15 p.m.•42 views

CVE-2025-44866

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

6.3CVSS8AI score0.13593EPSS

CVE•added 2022/09/23 3:15 p.m.•40 views

CVE-2022-40868

Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/

9.8CVSS9.5AI score0.0018EPSS

CVE•added 2023/02/02 9:22 p.m.•40 views

CVE-2022-48130

Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN.

9.8CVSS9.4AI score0.00131EPSS

CVE•added 2023/03/19 1:15 a.m.•39 views

CVE-2023-26806

Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via function formSetSysTime,

9.8CVSS9.3AI score0.00121EPSS

CVE•added 2022/09/23 3:15 p.m.•37 views

CVE-2022-40866

Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/

9.8CVSS9.5AI score0.00171EPSS