{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-24107", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-03T01:48:20.554Z", "dateReserved": "2026-01-21T00:00:00.000Z", "datePublished": "2026-03-02T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-02T14:19:17.528Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead to critical command injection vulnerabilities."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.tenda.com.cn/material/show/2707"}, {"url": "https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24107"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-03T01:47:47.487944Z", "id": "CVE-2026-24107", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T01:48:20.554Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-24107", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-03T01:47:47.487944Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T01:48:15.268Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.tenda.com.cn/material/show/2707"}, {"url": "https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24107"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead to critical command injection vulnerabilities."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-02T14:19:17.528Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24107", "state": "PUBLISHED", "dateUpdated": "2026-03-03T01:48:20.554Z", "dateReserved": "2026-01-21T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-02T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:w20e_firmware:15.11.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "31C1283D-8DCF-49C0-92FF-34CF842D00BF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:w20e:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A09E3911-CF3F-4C15-8EF9-5AA8EEA0FC21", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead to critical command injection vulnerabilities."}], "id": "CVE-2026-24107", "lastModified": "2026-03-03T15:55:11.547", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-02T15:16:33.020", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24107"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.tenda.com.cn/material/show/2707"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "15.11.0.6"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "w20e", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-04-16T14:45:56.677783+00:00", "value": {"mitigation_remediation": ["Apply the latest official firmware update for the Tenda W20E that addresses the command\u2011injection flaw.", "If no patch is available, disable or restrict the USB functionality that exposes usbPartitionName to prevent untrusted input from reaching doSystemCmd.", "Configure network segmentation or firewall rules to limit external management access to the router, reducing the risk of remote exploitation.", "Implement input validation for any future firmware that involves external parameters, following the guidelines for CWE\u201194 to mitigate command\u2011injection risks."], "summary": {"action": "Patch Immediately", "impact": "Command Injection"}, "threat_synthesis": {"affected_systems": "The vulnerability is present in Tenda routers running the W20E model with firmware version V4.0br_V15.11.0.6. No other vendor or product information is enumerated.", "description_and_impact": "A flaw in the Tenda W20E firmware allows the unvalidated value of the parameter usbPartitionName to be inserted directly into a system command. This oversight permits an attacker to execute arbitrary shell commands with the privileges of the router, potentially compromising device configuration and data confidentiality. The issue is catalogued as CWE\u201194, representing command injection weaknesses.", "risk_and_exploitability": "The CVSS score of 9.8 indicates a critical impact, and the EPSS score of 1% signals that exploitation is unlikely but possible. The vulnerability is not listed in the CISA KEV catalog, suggesting it has not yet been widely exploited in the wild. Because the component in question is accessed via the USB interface, the most probable attack vector involves a local attacker or one with physical access to the device, who can supply a malicious usbPartitionName value. Such an attacker can run arbitrary commands, effectively gaining full control of the router\u2019s operating system."}}}}, "created": "2026-03-03T08:46:32.054773+00:00", "title": "Critical Command Injection via USB Partition Parameter in Tenda W20E Router", "updated": "2026-04-16T15:00:14.304010+00:00", "vendors": ["tenda", "tenda$PRODUCT$w20e"]}