Tenda W30E Firmware vulnerabilities

CVE-2026-24436 [CRITICAL] CWE-307 CVE-2026-24436: Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) do not enforce rate l Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials.

CVE-2026-24429 [CRITICAL] CWE-1393 CVE-2026-24429: Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) ship with a predefine Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) ship with a predefined default password for a built-in authentication account that is not required to be changed during initial configuration. An attacker can leverage these default credentials to gain authenticated access to the management interface.

CVE-2026-24430 [HIGH] CWE-201 CVE-2026-24430: Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) disclose sensitive ac Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) disclose sensitive account credentials in cleartext within HTTP responses generated by the maintenance interface. Because the management interface is accessible over unencrypted HTTP by default, credentials may be exposed to network-based interception.

CVE-2026-24431 [HIGH] CWE-317 CVE-2026-24431: Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) display stored user a Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials.

CVE-2026-24435 [HIGH] CWE-942 CVE-2026-24435: Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) implement an insecure Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) implement an insecure Cross-Origin Resource Sharing (CORS) policy on authenticated administrative endpoints. The device sets Access-Control-Allow-Origin: * in combination with Access-Control-Allow-Credentials: true, allowing attacker-controlled origins to issue credentialed

CVE-2026-24428 [HIGH] CWE-863 CVE-2026-24428: Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorizat Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the backend endpoint, an attacker can bypass role-based restrictions enforced by t

CVE-2026-24440 [HIGH] CWE-620 CVE-2026-24440: Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwor Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized password changes when access to the affected endpoint is obtained.

CVE-2026-24433 [MEDIUM] CWE-79 CVE-2026-24433: Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain a stored cros Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain a stored cross-site scripting vulnerability in the user creation functionality. Insufficient input validation allows attacker-controlled script content to be stored and later executed when administrative users access the affected management pages.

CVE-2026-24437 [MEDIUM] CWE-525 CVE-2026-24437: Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) serve sensitive admin Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized access.

CVE-2026-24432 [MEDIUM] CWE-352 CVE-2026-24432: Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) lack cross-site reque Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) lack cross-site request forgery (CSRF) protections on administrative endpoints, including those used to change administrator account credentials. As a result, an attacker can craft malicious requests that, when triggered by an authenticated user’s browser, modify administ

CVE-2026-24439 [LOW] CWE-116 CVE-2026-24439: Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include the X Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced responses as executable script.

CVE-2025-57085 [CRITICAL] CWE-121 CVE-2025-57085: Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-57087 [HIGH] CWE-121 CVE-2025-57087: Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the countryCode paramete Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-57086 [HIGH] CWE-121 CVE-2025-57086: Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the String parameter in Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the String parameter in the formDeleteMeshNode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2024-52789 [HIGH] CWE-798 CVE-2024-52789: Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/s Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.

CVE-2024-4171 [HIGH] CWE-121 CVE-2024-4171: A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Affected is the fu A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Affected is the function fromWizardHandle of the file /goform/WizardHandle. The manipulation of the argument PPW leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261990 is

CVE-2024-32286 [CRITICAL] CWE-125 CVE-2024-32286: Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page para Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function.

CVE-2024-32285 [HIGH] CWE-121 CVE-2024-32285: Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password paramete Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password parameter in the formaddUserName function.

CVE-2024-32293 [HIGH] CWE-121 CVE-2024-32293: Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function.

CVE-2024-32291 [HIGH] CWE-121 CVE-2024-32291: Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in the fromNatlimit function.