VYPR

W20E

by Tenda

CVEs (32)

  • CVE-2025-44866MedMay 1, 2025
    risk 0.41cvss 6.3epss 0.01

    Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2025-44865MedMay 1, 2025
    risk 0.41cvss 6.3epss 0.01

    Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2025-44864MedMay 1, 2025
    risk 0.41cvss 6.3epss 0.01

    Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2026-24111Mar 2, 2026
    risk 0.00cvss epss 0.01

    An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addAuthUser` function and processed by `sscanf` without size validation, it could lead to buffer overflow.

  • CVE-2026-24112Mar 2, 2026
    risk 0.00cvss epss 0.01

    An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function and processed by `sscanf` without size validation, it could lead to a buffer…

  • CVE-2026-24110Mar 2, 2026
    risk 0.00cvss epss 0.00

    An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function and are processed by `ret = sscanf(pRule, " %d\t%[^\t]\t%[^\n\r\t]", &dhcpsIndex, dhcpsIP, dhcpsMac);`, the lack of size…

  • CVE-2026-24108Mar 2, 2026
    risk 0.00cvss epss 0.01

    An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a…

  • CVE-2026-24115Mar 2, 2026
    risk 0.00cvss epss 0.01

    An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them into `gstruleQos` may lead to buffer overflow.

  • CVE-2026-24113Mar 2, 2026
    risk 0.00cvss epss 0.01

    An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a…

  • CVE-2026-24114Mar 2, 2026
    risk 0.00cvss epss 0.01

    An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pPortMapIndex` may lead to buffer overflows when using `strcpy`.

  • CVE-2026-24109Mar 2, 2026
    risk 0.00cvss epss 0.01

    An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating variable sizes, it could lead to a buffer overflow vulnerability.

  • CVE-2026-24107Mar 2, 2026
    risk 0.00cvss epss 0.02

    An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead to critical command injection vulnerabilities.

Page 2 of 2