CVE-2025-44865 Information

Description

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

Reference

https://github.com/Summermu/VulnForIoT/tree/main/Tenda_W20E/formSetDebugCfg_enable/readme.md