LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2026-24107

CVE-2026-24107 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 3, 2026

Tenda W20E - Command Injection

Published: March 2, 2026Updated: March 3, 2026PoC AvailableRemote Exploitable

Overview

Tenda W20E V4.0br_V15.11.0.6 contains a command injection caused by failure to validate the value of `usbPartitionName` used in `doSystemCmd`, letting attackers execute arbitrary commands remotely, exploit requires crafted input.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 112.8%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary commands on the device, potentially leading to full system compromise.

Mitigation

Update to the latest firmware version.

References

Social Media Activity(1 post)

ZEN SecDB
ZEN SecDB
@secdb
Mar 9, 2026

📈 CVE Published in last 7 days (2026-03-02 - 2026-03-09) See more at https://secdb.nttzen.cloud/dashboard Total CVEs: 1428 Severity: - Critical: 187 - High: 549 - Medium: 456 - Low: 43 - None: 193 Status: - : 38 - Analyzed: 324 - Awaiting Analysis: 475 - Modified: 83 - Received: 445 - Rejected: 7 - Undergoing Analysis: 56 Top CNAs: - GitHub, Inc.: 283 - Patchstack: 271 - MITRE: 128 - VulnCheck: 107 - VulDB: 85 - Wordfence: 74 - Android (associated with Google Inc. or Open Handset Alliance): 57 - Cisco Systems, Inc.: 50 - N/A: 38 - Acronis International GmbH: 23 Top Affected Products: - UNKNOWN: 1003 - Google Android: 74 - Chamilo Lms: 25 - Dlink Dir-513 Firmware: 20 - Huawei Harmonyos: 18 - Qualcomm Qca6595au Firmware: 14 - Qualcomm Wcd9380 Firmware: 14 - Qualcomm Wcd9385 Firmware: 14 - Qualcomm Wsa8830 Firmware: 14 - Qualcomm Wsa8815 Firmware: 14 Top EPSS Score: - CVE-2026-2256 - 1.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2256) - CVE-2026-24105 - 1.29 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24105) - CVE-2026-25070 - 1.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25070) - CVE-2026-26478 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26478) - CVE-2026-24101 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24101) - CVE-2026-24107 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24107) - CVE-2026-30227 - 0.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-30227) - CVE-2024-47886 - 0.75 % (https://secdb.nttzen.cloud/cve/detail/CVE-2024-47886) - CVE-2025-14675 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14675) - CVE-2018-25181 - 0.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2018-25181)

View original post

Related Resources

Details

CVE ID
CVE-2026-24107
Severity
Critical
CVSS Score
9.8
Type
command_injection
Status
confirmed
EPSS
112.8%
Social Posts
1

CWE

  • CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

112.8%Probability of exploitation in the next 30 days