Filtered by vendor Tenda
Subscriptions
Filtered by product W20e
Subscriptions
Total
12 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-44864 | 1 Tenda | 2 W20e, W20e Firmware | 2025-05-27 | 6.3 Medium |
| Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44865 | 1 Tenda | 2 W20e, W20e Firmware | 2025-05-27 | 6.3 Medium |
| Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44866 | 1 Tenda | 2 W20e, W20e Firmware | 2025-05-27 | 6.3 Medium |
| Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44867 | 1 Tenda | 2 W20e, W20e Firmware | 2025-05-27 | 6.3 Medium |
| Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-40868 | 1 Tenda | 2 W20e, W20e Firmware | 2025-05-22 | 9.8 Critical |
| Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/ | ||||
| CVE-2022-40867 | 1 Tenda | 2 W20e, W20e Firmware | 2025-05-22 | 9.8 Critical |
| Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/ | ||||
| CVE-2022-40866 | 1 Tenda | 2 W20e, W20e Firmware | 2025-05-22 | 9.8 Critical |
| Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/ | ||||
| CVE-2022-40855 | 1 Tenda | 2 W20e, W20e Firmware | 2025-05-22 | 9.8 Critical |
| Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code Execution (RCE) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters. | ||||
| CVE-2022-48130 | 1 Tenda | 2 W20e, W20e Firmware | 2025-03-26 | 9.8 Critical |
| Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN. | ||||
| CVE-2023-26806 | 1 Tenda | 2 W20e, W20e Firmware | 2025-02-27 | 9.8 Critical |
| Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via function formSetSysTime, | ||||
| CVE-2023-26805 | 1 Tenda | 2 W20e, W20e Firmware | 2025-02-27 | 9.8 Critical |
| Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function formIPMacBindModify. | ||||
| CVE-2024-3874 | 1 Tenda | 1 W20e | 2024-11-21 | 8.8 High |
| A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as critical. This vulnerability affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260908. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
Page 1 of 1.