CVE-2026-24107
Published: 02 March 2026
Summary
CVE-2026-24107 is a critical-severity Code Injection (CWE-94) vulnerability in Tenda W20E Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 20.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents command injection by requiring validation mechanisms for untrusted inputs like usbPartitionName before passing to doSystemCmd.
Mitigates the vulnerability through timely identification, reporting, and correction of the input validation flaw via firmware patching.
Detects the command injection vulnerability in router firmware through regular vulnerability scanning.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated remote command injection in public-facing router firmware directly enables T1190 (Exploit Public-Facing Application) for initial access and facilitates T1059.008 (Network Device CLI) via arbitrary command execution through doSystemCmd.
NVD Description
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead to critical command injection vulnerabilities.
Deeper analysisAI
CVE-2026-24107 is a critical command injection vulnerability (CWE-94) discovered in the Tenda W20E router running firmware version V4.0br_V15.11.0.6, published on 2026-03-02. The issue arises from a failure to validate the `usbPartitionName` parameter, which is directly passed to the `doSystemCmd` function, allowing attackers to inject and execute arbitrary commands on the device. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for complete compromise.
The vulnerability can be exploited by unauthenticated remote attackers over the network with low attack complexity and no requirement for user interaction. Exploitation enables high-impact disruption to confidentiality, integrity, and availability, such as executing arbitrary code, escalating privileges, or fully controlling the affected router.
Advisories and mitigation guidance are referenced in Tenda's official material at https://www.tenda.com.cn/material/show/2707 and a GitHub CVE report at https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24107.
Details
- CWE(s)