CVE-2026-24107

Name of the Vulnerable Software and Affected Versions Tenda W20E version 4.0br V15.11.0.6

Description A command injection issue exists in the Tenda W20E router firmware. The firmware does not properly validate the usbPartitionName variable before using it within the doSystemCmd function. This can allow for the execution of arbitrary commands.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the USB partition functionality to minimize the risk of exploitation.