Tenda W20e Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Tenda W20e Firmware.
By the Year
In 2026 there have been 3 vulnerabilities in Tenda W20e Firmware with an average score of 8.8 out of ten. Last year, in 2025 W20e Firmware had 4 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in W20e Firmware in 2026 could surpass last years number.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 8.80 |
| 2025 | 4 | 0.00 |
| 2024 | 1 | 8.80 |
| 2023 | 3 | 9.80 |
| 2022 | 6 | 8.93 |
It may take a day or so for new W20e Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tenda W20e Firmware Security Vulnerabilities
Tenda W20E 15.11.0.6: Remote Stack-Buffer-Overflow in modifyWifiFilterRules
CVE-2026-11524
8.8 - High
- June 08, 2026
A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Management Interface. The manipulation of the argument wifiFilterListRemark leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Stack Overflow
Stack Overflow in Tenda W20E 15.11.0.6 WebMgr - formPortalAuth (gotoUrl)
CVE-2026-11523
8.8 - High
- June 08, 2026
A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
Stack Overflow
Tenda W20E 15.11.0.6 formSetPortMirror stack-based buffer overflow
CVE-2026-11522
8.8 - High
- June 08, 2026
A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
Stack Overflow
Command Injection in Tenda W20E V15.11.0.6 formSetDebugCfg via module param
CVE-2025-44864
- May 01, 2025
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Command Injection in Tenda W20E V15.11.0.6 via formSetDebugCfg Enable
CVE-2025-44865
- May 01, 2025
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Tenda W20E V15.11.0.6 Command Injection via formSetDebugCfg(level)
CVE-2025-44866
- May 01, 2025
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Tenda W20E V15.11.0.6 CMD Inv in formSetNetCheckTools via hostName
CVE-2025-44867
- May 01, 2025
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Stack Buffer Overflow in Tenda W20E 15.11.0.6 (formSetRemoteWebManage)
CVE-2024-3874
8.8 - High
- April 16, 2024
A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as critical. This vulnerability affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260908. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Stack Overflow
Buffer Overflow in Tenda W20E v15.11 via formIPMacBindModify
CVE-2023-26805
9.8 - Critical
- March 19, 2023
Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function formIPMacBindModify.
Memory Corruption
Buffer Overflow: Tenda W20E formSetSysTime < v15.11.0.6
CVE-2023-26806
9.8 - Critical
- March 19, 2023
Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via function formSetSysTime,
Memory Corruption
Stack Overflow in Tenda W20E v15.11.0.6 formSetStaticRoute (CVE-2022-48130)
CVE-2022-48130
9.8 - Critical
- February 02, 2023
Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN.
Memory Corruption
Tenda W20E v16.01.0.6 Command Injection via cmd_get_ping_output
CVE-2022-45996
7.2 - High
- December 12, 2022
Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output.
Shell injection
Tenda W20E Buffer Overflow v16.01.0.6(3392)
CVE-2022-45997
7.2 - High
- December 12, 2022
Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow.
Classic Buffer Overflow
Tenda W20E 15.11.0.6 Router formSetPortMapping Stack Overflow RCE/DoS
CVE-2022-40855
9.8 - Critical
- September 23, 2022
Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code Execution (RCE) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.
Memory Corruption
Stack Overflow in Tenda W20E V15.11.0.6 formSetDebugCfg (/goform/setDebugCfg/)
CVE-2022-40866
9.8 - Critical
- September 23, 2022
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/
Memory Corruption
Stack overflow in formIPMacBindDel of Tenda W20E V15.11.0.6
CVE-2022-40867
9.8 - Critical
- September 23, 2022
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/
Memory Corruption
Stack Overflow in Tenda W20E V15.11.0.6 formDelDhcpRule (CVE-2022-40868)
CVE-2022-40868
9.8 - Critical
- September 23, 2022
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Tenda W20e Firmware or by Tenda? Click the Watch button to subscribe.
