CVE-2025-44865

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tenda:w20e_firmware:15.11.0.6:*:*:*:*:*:*:*
cpe:2.3:h:tenda:w20e:-:*:*:*:*:*:*:*

History

27 May 2025, 16:44

Type Values Removed Values Added
CPE cpe:2.3:o:tenda:w20e_firmware:15.11.0.6:*:*:*:*:*:*:*
cpe:2.3:h:tenda:w20e:-:*:*:*:*:*:*:*
First Time Tenda
Tenda w20e Firmware
Tenda w20e
References () https://github.com/Summermu/VulnForIoT/tree/main/Tenda_W20E/formSetDebugCfg_enable/readme.md - () https://github.com/Summermu/VulnForIoT/tree/main/Tenda_W20E/formSetDebugCfg_enable/readme.md - Exploit, Third Party Advisory

02 May 2025, 13:52

Type Values Removed Values Added
Summary
  • (es) Se descubrió que Tenda W20E V15.11.0.6 contenía una vulnerabilidad de inyección de comandos en la función formSetDebugCfg mediante el parámetro enable. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada.

01 May 2025, 21:15

Type Values Removed Values Added
CWE CWE-77
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.3

01 May 2025, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-01 18:15

Updated : 2025-05-27 16:44


NVD link : CVE-2025-44865

Mitre link : CVE-2025-44865

CVE.ORG link : CVE-2025-44865


JSON object : View

Products Affected

tenda

  • w20e
  • w20e_firmware
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')