Details of VAR-202603-0110

ID

VAR-202603-0110

CVE

CVE-2026-24107

TITLE

Shenzhen Tenda Technology Co.,Ltd. of W20E Code injection vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-005974

DESCRIPTION

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead to critical command injection vulnerabilities. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-24107 // JVNDB: JVNDB-2026-005974

AFFECTED PRODUCTS

vendor:	tenda	model:	w20e	scope:	eq	version:	15.11.0.6	Trust: 1.0
vendor:	tenda	model:	w20e	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	w20e	scope:	eq	version:	w20e firmware 15.11.0.6	Trust: 0.8
vendor:	tenda	model:	w20e	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-005974 // NVD: CVE-2026-24107

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2026-24107
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2026-005974
value:	CRITICAL
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2026-24107
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-005974
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-005974 // NVD: CVE-2026-24107

PROBLEMTYPE DATA

problemtype:	CWE-94	Trust: 1.0
problemtype:	Code injection (CWE-94) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-005974 // NVD: CVE-2026-24107

PATCH

title:

CVEreport/D-link/CVE-2026-24107 at main akuma-QAQ/CVEreport GitHub

url:

https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24107

Trust: 0.8

sources: JVNDB: JVNDB-2026-005974

EXTERNAL IDS

db:	NVD	id:	CVE-2026-24107	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-005974	Trust: 0.8

sources: JVNDB: JVNDB-2026-005974 // NVD: CVE-2026-24107

REFERENCES

url:	https://www.tenda.com.cn/material/show/2707	Trust: 1.8
url:	https://github.com/akuma-qaq/cvereport/tree/main/d-link/cve-2026-24107	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-24107	Trust: 0.8

sources: JVNDB: JVNDB-2026-005974 // NVD: CVE-2026-24107

SOURCES

db:	JVNDB	id:	JVNDB-2026-005974
db:	NVD	id:	CVE-2026-24107

LAST UPDATE DATE

2026-03-07T23:44:01.797000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-005974	date:	2026-03-05T02:51:00
db:	NVD	id:	CVE-2026-24107	date:	2026-03-03T15:55:11.547

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-005974	date:	2026-03-05T00:00:00
db:	NVD	id:	CVE-2026-24107	date:	2026-03-02T15:16:33.020