Tenda W20E
cpe:2.3:h:tenda:w20e:*:*:*:*:*:*:*, +1 more
- V4.0br_V15.11.0.6
A command injection vulnerability has been identified in the Tenda W20E router, version V4.0br_V15.11.0.6. The flaw is in the formSetUSBPartitionUmount handler (reached through the goform/umountUSBPartition endpoint), which passes the attacker-supplied usbPartitionName value to doSystemCmd without validating it. Because doSystemCmd runs its argument as a shell command, any shell metacharacters in usbPartitionName are interpreted as part of the command rather than as part of a partition name.
An authenticated attacker who can reach the web interface can therefore execute arbitrary commands on the affected device with the privileges of the web server process.
To reproduce, log into the router's web interface and send a POST request to the goform/umountUSBPartition endpoint with a usbPartitionName value that appends a shell command to an otherwise normal partition name (for example, a partition name followed by a command separator and a command that writes a marker file somewhere the web server can serve it). The injected command runs on the router; retrieving the marker afterwards confirms that the injected command executed.
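The following C program is an added illustration, not Tenda's firmware code: it models the reported pattern (an untrusted usbPartitionName spliced into a shell command line) beside a hardened form that rejects anything but a plain partition name and invokes umount without a shell. The function names umount_cmd_unsafe, partition_name_is_safe and umount_argv_safe, the mount prefix MOUNT_BASE and the sample inputs are all assumptions for the example; the program only builds the strings and never executes umount.

```c
/* Added example, not Tenda's code. Hypothetical helpers: umount_cmd_unsafe,
 * partition_name_is_safe, umount_argv_safe; MOUNT_BASE is an assumed prefix. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define MOUNT_BASE "/mnt/"   /* assumed mount prefix; the real path is not on the page */
#define MAX_NAME 32          /* assumed upper bound for a partition name */

/* Vulnerable shape: the untrusted value is formatted straight into a command
 * line that would be handed to a shell (doSystemCmd in the advisory). Any shell
 * metacharacter in name becomes part of the command. This returns the string
 * the shell would receive so it can be inspected without executing anything. */
int umount_cmd_unsafe(const char *name, char *out, size_t outlen) {
    return snprintf(out, outlen, "umount " MOUNT_BASE "%s", name);
}

/* Allowlist check: a partition name such as sda1 contains only ASCII letters,
 * digits and underscore. Empty, over-long or metacharacter input is rejected
 * outright instead of being "cleaned". */
bool partition_name_is_safe(const char *name) {
    size_t len = strlen(name);
    if (len == 0 || len >= MAX_NAME) return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '_') return false;
    }
    return true;
}

/* Hardened shape: validate first, then build an argv for execv()/posix_spawn()
 * so that no shell ever parses the value. Returns the argv count, or -1 when
 * the name is rejected or the path does not fit. */
int umount_argv_safe(const char *name, char *pathbuf, size_t pathlen, const char *argv[4]) {
    if (!partition_name_is_safe(name)) return -1;
    if (snprintf(pathbuf, pathlen, MOUNT_BASE "%s", name) >= (int)pathlen) return -1;
    argv[0] = "/bin/umount";
    argv[1] = pathbuf;
    argv[2] = NULL;
    return 2;
}

int main(void) {
    /* Constructed sample inputs: a benign name and an injection payload. */
    const char *benign = "sda1";
    const char *payload = "sda1;touch /tmp/pwned";
    char cmd[128], path[64];
    const char *argv[4];

    umount_cmd_unsafe(benign, cmd, sizeof cmd);
    printf("unsafe(benign):  %s\n", cmd);
    umount_cmd_unsafe(payload, cmd, sizeof cmd);
    printf("unsafe(payload): %s   <- a shell would run touch here\n", cmd);

    printf("safe(benign):  %d\n", umount_argv_safe(benign, path, sizeof path, argv));
    printf("safe(payload): %d\n", umount_argv_safe(payload, path, sizeof path, argv));
    return 0;
}
```

The hardened path does two independent things: it refuses input that is not shaped like a partition name, and it avoids the shell entirely, so even a name that slipped past the allowlist could not be re-parsed into extra commands. Either measure alone would have stopped the injection described above; together they also survive future changes to the allowlist.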