Every CVE whose affected-product data names Tenda W20e Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2022-40855 — CVSS 9.8 (critical): Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This…
CVE-2022-40866 — CVSS 9.8 (critical): Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function…
CVE-2022-40867 — CVSS 9.8 (critical): Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function…
CVE-2022-40868 — CVSS 9.8 (critical): Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function…
CVE-2026-24109 — CVSS 9.8 (critical): An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`…
CVE-2026-24110 — CVSS 9.8 (critical): An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the…
CVE-2026-24111 — CVSS 9.8 (critical): An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`…
CVE-2026-24112 — CVSS 9.8 (critical): An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`…
CVE-2026-24113 — CVSS 9.8 (critical): An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When…
CVE-2026-24114 — CVSS 9.8 (critical): An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pPortMapIndex` may lead to buffer overflows when using…
CVE-2026-24115 — CVSS 9.8 (critical): An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them…
CVE-2022-48130 — CVSS 9.8 (critical): Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters…
CVE-2023-26805 — CVSS 9.8 (critical): Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function formIPMacBindModify.
CVE-2023-26806 — CVSS 9.8 (critical): Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via function formSetSysTime,
CVE-2026-24107 — CVSS 9.8 (critical): An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in…
CVE-2026-24108 — CVSS 9.8 (critical): An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When…
CVE-2024-3874 — CVSS 8.8 (high): A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as critical. This vulnerability affects the function…
CVE-2025-44864 — CVSS 6.3 (medium): Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This…
CVE-2025-44866 — CVSS 6.3 (medium): Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This…
CVE-2025-44865 — CVSS 6.3 (medium): Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This…
CVE-2025-44867 — CVSS 6.3 (medium): Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName…