Is W30e Firmware affected by CVE-2026-24430?

Tenda W30E V2 wireless devices expose administrator credentials in cleartext through their maintenance interface, creating immediate risk of unauthorized network access and data compromise.

CVE-2026-24430

HIGH

2026-01-26 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:00 vuln.today

CVE Published

Jan 26, 2026 - 18:16 nvd

HIGH 7.5

Description

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) disclose sensitive account credentials in cleartext within HTTP responses generated by the maintenance interface. Because the management interface is accessible over unencrypted HTTP by default, credentials may be exposed to network-based interception.

Analysis

Shenzhen Tenda W30E V2 firmware through V16.01.0.19(5037) transmits administrative credentials in plaintext over unencrypted HTTP from the maintenance interface, allowing unauthenticated network attackers to intercept and obtain account credentials. Affected devices lack authentication requirements for accessing this interface, making credential theft trivial for anyone on the same network. …

Remediation

Within 24 hours: Identify all Tenda W30E V2 devices in your environment and document firmware versions; isolate devices from production networks if possible and restrict maintenance interface access to trusted networks only. Within 7 days: Disable the maintenance interface if operationally feasible; if required, change all admin credentials immediately and rotate any credentials that may have been exposed. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: 0

CVE-2026-24430 vulnerability details – vuln.today

Back

CVE-2026-24430

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-24430

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code