Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Tenda W20E: Malicious USB Commands Can Be Executed
CVE-2026-24107
Summary
The Tenda W20E router is at risk of executing malicious commands from a USB drive. This could allow an attacker to access and control the router, potentially leading to unauthorized changes or data breaches. Users should update to the latest firmware to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| tenda | w20e_firmware | 15.11.0.6 | – |
Original title
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead to critical command injection vulnera...
Original description
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead to critical command injection vulnerabilities.
nvd CVSS3.1
9.8
Vulnerability type
CWE-94
Code Injection
- https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24107 Exploit Third Party Advisory
- https://www.tenda.com.cn/material/show/2707 Product
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026