CVE-2026-24107
published 2026-03-02CVE-2026-24107: An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead to critical command injection vulnerabilities.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tenda | w20e_firmware | — | — |