Tenda W20e Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Tenda W20e Firmware.
By the Year
In 2026 there have been 0 vulnerabilities in Tenda W20e Firmware. Last year, in 2025 W20e Firmware had 4 security vulnerabilities published. Right now, W20e Firmware is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 4 | 0.00 |
| 2024 | 1 | 8.80 |
| 2023 | 3 | 9.80 |
| 2022 | 6 | 8.93 |
It may take a day or so for new W20e Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tenda W20e Firmware Security Vulnerabilities
Tenda W20E V15.11.0.6 CMD Inv in formSetNetCheckTools via hostName
CVE-2025-44867
- May 01, 2025
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Tenda W20E V15.11.0.6 Command Injection via formSetDebugCfg(level)
CVE-2025-44866
- May 01, 2025
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Command Injection in Tenda W20E V15.11.0.6 via formSetDebugCfg Enable
CVE-2025-44865
- May 01, 2025
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Command Injection in Tenda W20E V15.11.0.6 formSetDebugCfg via module param
CVE-2025-44864
- May 01, 2025
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Stack Buffer Overflow in Tenda W20E 15.11.0.6 (formSetRemoteWebManage)
CVE-2024-3874
8.8 - High
- April 16, 2024
A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as critical. This vulnerability affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260908. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Stack Overflow
Buffer Overflow: Tenda W20E formSetSysTime < v15.11.0.6
CVE-2023-26806
9.8 - Critical
- March 19, 2023
Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via function formSetSysTime,
Memory Corruption
Buffer Overflow in Tenda W20E v15.11 via formIPMacBindModify
CVE-2023-26805
9.8 - Critical
- March 19, 2023
Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function formIPMacBindModify.
Memory Corruption
Stack Overflow in Tenda W20E v15.11.0.6 formSetStaticRoute (CVE-2022-48130)
CVE-2022-48130
9.8 - Critical
- February 02, 2023
Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN.
Memory Corruption
Tenda W20E Buffer Overflow v16.01.0.6(3392)
CVE-2022-45997
7.2 - High
- December 12, 2022
Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow.
Classic Buffer Overflow
Tenda W20E v16.01.0.6 Command Injection via cmd_get_ping_output
CVE-2022-45996
7.2 - High
- December 12, 2022
Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output.
Shell injection
Stack Overflow in Tenda W20E V15.11.0.6 formDelDhcpRule (CVE-2022-40868)
CVE-2022-40868
9.8 - Critical
- September 23, 2022
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/
Memory Corruption
Stack overflow in formIPMacBindDel of Tenda W20E V15.11.0.6
CVE-2022-40867
9.8 - Critical
- September 23, 2022
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/
Memory Corruption
Stack Overflow in Tenda W20E V15.11.0.6 formSetDebugCfg (/goform/setDebugCfg/)
CVE-2022-40866
9.8 - Critical
- September 23, 2022
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/
Memory Corruption
Tenda W20E 15.11.0.6 Router formSetPortMapping Stack Overflow RCE/DoS
CVE-2022-40855
9.8 - Critical
- September 23, 2022
Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code Execution (RCE) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Tenda W20e Firmware or by Tenda? Click the Watch button to subscribe.
