Skip to main content

W30e Firmware CVE-2026-24428

HIGH
Incorrect Authorization (CWE-863)
2026-01-26 disclosure@vulncheck.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:00 vuln.today
CVE Published
Jan 26, 2026 - 18:16 nvd
HIGH 8.8

DescriptionCVE.org

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the backend endpoint, an attacker can bypass role-based restrictions enforced by the web interface and obtain full administrative privileges.

AnalysisAI

Tenda W30E V2 firmware through version 16.01.0.19(5037) allows authenticated users with low privileges to escalate to administrator by exploiting broken authorization in the user management API, enabling password changes for admin accounts without proper access controls. An attacker with any valid user account can bypass web interface restrictions and gain full administrative access to the device. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as low-privileged user
Delivery
Send crafted API request to user management endpoint
Exploit
Bypass role-based access control
Execution
Change administrator password
Impact
Gain full administrative privileges

Vulnerability AssessmentAI

Exploitation Tenda W30E V2 firmware V16.01.0.19(5037) or earlier with low-privileged user account already created. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 8.8 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker (requires authentication) could exploit this vulnerability to compromise the affected system.
Remediation Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Tenda W30E V2 devices in your environment and document firmware versions; disable remote management access if enabled. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-57086 HIGH POC
7.5 Sep 09

Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the String parameter in the formDeleteMeshNo

CVE-2026-24429 CRITICAL
9.8 Jan 26

Default credentials in Tenda W30E V2 router firmware through V16.01.0.19. Known default password enables full administra

CVE-2026-24436 CRITICAL
9.8 Jan 26

Missing rate limiting and account lockout on Tenda W30E V2 authentication endpoints. Brute-force attacks are unrestricte

CVE-2026-24440 HIGH
8.8 Jan 26

Unauthenticated password modification in Tenda W30E V2 firmware through the maintenance interface allows authenticated u

CVE-2026-24430 HIGH
7.5 Jan 26

Shenzhen Tenda W30E V2 firmware through V16.01.0.19(5037) transmits administrative credentials in plaintext over unencry

CVE-2026-24435 MEDIUM
6.5 Jan 26

Tenda W30E firmware through V16.01.0.19(5037) is vulnerable to CORS misconfiguration that permits authenticated administ

CVE-2026-24439 MEDIUM
6.5 Jan 26

Tenda W30E firmware versions through V16.01.0.19(5037) omit the X-Content-Type-Options: nosniff header from web manageme

CVE-2026-24431 MEDIUM
6.5 Jan 26

Tenda W30E V2 firmware through V16.01.0.19(5037) exposes stored administrative passwords in plaintext on the management

CVE-2026-24437 MEDIUM
5.5 Jan 26

Tenda W30E V2 firmware through version 16.01.0.19(5037) fails to implement proper cache-control headers on sensitive adm

CVE-2026-24433 MEDIUM
5.4 Jan 26

Tenda W30E V2 firmware through V16.01.0.19(5037) fails to properly sanitize user input during account creation, allowing

CVE-2026-24432 MEDIUM
4.3 Jan 26

Tenda W30E V2 firmware through V16.01.0.19(5037) lacks CSRF protections on administrative functions, enabling attackers

CVE-2025-57085 CRITICAL POC
9.8 Sep 09

Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function.

Share

CVE-2026-24428 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy