Skip to main content

W30e Firmware

61 CVEs product

Monthly

CVE-2026-24440 HIGH This Week

Unauthenticated password modification in Tenda W30E V2 firmware through the maintenance interface allows authenticated users to reset account credentials without password verification, potentially enabling privilege escalation or account takeover on affected devices. The vulnerability affects firmware versions up to V16.01.0.19(5037) and currently lacks an available patch.

Authentication Bypass W30e Firmware
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-24439 MEDIUM This Month

Tenda W30E firmware versions through V16.01.0.19(5037) omit the X-Content-Type-Options: nosniff header from web management interfaces, enabling MIME type confusion attacks. An unauthenticated remote attacker can exploit this to inject malicious scripts that browsers may execute as legitimate content, potentially compromising the integrity and confidentiality of management traffic. No patch is currently available for this vulnerability.

XSS W30e Firmware
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24437 MEDIUM This Month

Tenda W30E V2 firmware through version 16.01.0.19(5037) fails to implement proper cache-control headers on sensitive administrative responses, allowing a local authenticated attacker to retrieve cached credentials from the browser's storage. This high-confidentiality impact vulnerability has no available patch and affects users on vulnerable firmware versions.

Authentication Bypass W30e Firmware
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-24436 CRITICAL Act Now

Missing rate limiting and account lockout on Tenda W30E V2 authentication endpoints. Brute-force attacks are unrestricted.

Authentication Bypass W30e Firmware
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-24435 MEDIUM This Month

Tenda W30E firmware through V16.01.0.19(5037) is vulnerable to CORS misconfiguration that permits authenticated administrative endpoints to accept credentialed cross-origin requests from arbitrary origins. An authenticated attacker can exploit this vulnerability to perform unauthorized actions on affected devices by tricking administrators into visiting malicious web pages. No patch is currently available for this vulnerability.

Information Disclosure W30e Firmware
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24433 MEDIUM This Month

Tenda W30E V2 firmware through V16.01.0.19(5037) fails to properly sanitize user input during account creation, allowing authenticated attackers to inject persistent malicious scripts that execute in administrators' browsers when accessing management pages. This stored XSS vulnerability enables session hijacking, credential theft, and unauthorized configuration changes with low complexity exploitation requiring only user interaction from an admin. No patch is currently available for affected devices.

XSS W30e Firmware
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-24432 MEDIUM This Month

Tenda W30E V2 firmware through V16.01.0.19(5037) lacks CSRF protections on administrative functions, enabling attackers to hijack authenticated admin sessions and modify configuration settings or reset administrator credentials. An attacker can craft malicious requests that execute with the privileges of a logged-in administrator when visited in their browser. No patch is currently available for this vulnerability.

CSRF W30e Firmware
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24431 MEDIUM This Month

Tenda W30E V2 firmware through V16.01.0.19(5037) exposes stored administrative passwords in plaintext on the management interface, allowing any authenticated user to retrieve credentials. This information disclosure affects administrative account security and could enable privilege escalation or lateral movement. No patch is currently available.

Information Disclosure W30e Firmware
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24430 HIGH This Week

Shenzhen Tenda W30E V2 firmware through V16.01.0.19(5037) transmits administrative credentials in plaintext over unencrypted HTTP from the maintenance interface, allowing unauthenticated network attackers to intercept and obtain account credentials. Affected devices lack authentication requirements for accessing this interface, making credential theft trivial for anyone on the same network. No patch is currently available for this vulnerability.

Information Disclosure W30e Firmware
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24429 CRITICAL Act Now

Default credentials in Tenda W30E V2 router firmware through V16.01.0.19. Known default password enables full administrative access.

Information Disclosure W30e Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24428 HIGH This Week

Tenda W30E V2 firmware through version 16.01.0.19(5037) allows authenticated users with low privileges to escalate to administrator by exploiting broken authorization in the user management API, enabling password changes for admin accounts without proper access controls. An attacker with any valid user account can bypass web interface restrictions and gain full administrative access to the device. No patch is currently available for this vulnerability.

Authentication Bypass W30e Firmware
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-57086 HIGH POC This Week

Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the String parameter in the formDeleteMeshNode function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57085 CRITICAL POC Act Now

Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-57087 HIGH POC This Month

Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-52789 HIGH POC This Week

Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tenda W30e Firmware
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-4171 HIGH This Week

A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-32293 HIGH POC This Week

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
5.6%
CVE-2024-32292 HIGH POC This Week

Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection W30e Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-32291 HIGH POC This Week

Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in the fromNatlimit function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-32290 MEDIUM POC This Month

Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
6.7
EPSS
0.7%
CVE-2024-32288 MEDIUM POC This Month

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypemanFilter function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-32287 MEDIUM POC This Month

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-32286 CRITICAL POC Act Now

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Information Disclosure W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-32285 HIGH POC This Week

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password parameter in the formaddUserName function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-3882 HIGH This Week

A vulnerability was found in Tenda W30E 1.0.1.25(633). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-3881 HIGH This Week

A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-3880 HIGH This Week

A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tenda Command Injection W30e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
4.4%
CVE-2024-3879 HIGH This Week

A vulnerability, which was classified as critical, was found in Tenda W30E 1.0.1.25(633). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-49411 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49406 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-49405 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49404 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-50002 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-50001 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-50000 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49999 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Command Injection Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-49410 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function via the function set_wan_status. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49403 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Command Injection Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-49402 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-25231 CRITICAL POC Act Now

Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-45525 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the downaction parameter at /goform/CertListInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45524 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the opttype parameter at /goform/IPSECsave. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45523 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45522 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeClientFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45521 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeUrlFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45520 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/qossetting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45519 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the Go parameter at /goform/SafeMacFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45518 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SetIpBind. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45517 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45516 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/NatStaticSetting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45515 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the entries parameter at /goform/addressNat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45514 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/webExcptypemanFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45513 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/P2pListFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45512 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeEmailFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45511 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the PPPOEPassword parameter at /goform/QuickIndex. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45510 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the mit_ssid_index parameter at /goform/AdvSetWrlsafeset. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45509 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /goform/addUserName. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45508 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter at /goform/editUserName. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45507 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-45506 CRITICAL POC Act Now

Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-45505 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /goform/exeCommand. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
EPSS 0% CVSS 8.8
HIGH This Week

Unauthenticated password modification in Tenda W30E V2 firmware through the maintenance interface allows authenticated users to reset account credentials without password verification, potentially enabling privilege escalation or account takeover on affected devices. The vulnerability affects firmware versions up to V16.01.0.19(5037) and currently lacks an available patch.

Authentication Bypass W30e Firmware
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Tenda W30E firmware versions through V16.01.0.19(5037) omit the X-Content-Type-Options: nosniff header from web management interfaces, enabling MIME type confusion attacks. An unauthenticated remote attacker can exploit this to inject malicious scripts that browsers may execute as legitimate content, potentially compromising the integrity and confidentiality of management traffic. No patch is currently available for this vulnerability.

XSS W30e Firmware
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Tenda W30E V2 firmware through version 16.01.0.19(5037) fails to implement proper cache-control headers on sensitive administrative responses, allowing a local authenticated attacker to retrieve cached credentials from the browser's storage. This high-confidentiality impact vulnerability has no available patch and affects users on vulnerable firmware versions.

Authentication Bypass W30e Firmware
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Missing rate limiting and account lockout on Tenda W30E V2 authentication endpoints. Brute-force attacks are unrestricted.

Authentication Bypass W30e Firmware
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Tenda W30E firmware through V16.01.0.19(5037) is vulnerable to CORS misconfiguration that permits authenticated administrative endpoints to accept credentialed cross-origin requests from arbitrary origins. An authenticated attacker can exploit this vulnerability to perform unauthorized actions on affected devices by tricking administrators into visiting malicious web pages. No patch is currently available for this vulnerability.

Information Disclosure W30e Firmware
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Tenda W30E V2 firmware through V16.01.0.19(5037) fails to properly sanitize user input during account creation, allowing authenticated attackers to inject persistent malicious scripts that execute in administrators' browsers when accessing management pages. This stored XSS vulnerability enables session hijacking, credential theft, and unauthorized configuration changes with low complexity exploitation requiring only user interaction from an admin. No patch is currently available for affected devices.

XSS W30e Firmware
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Tenda W30E V2 firmware through V16.01.0.19(5037) lacks CSRF protections on administrative functions, enabling attackers to hijack authenticated admin sessions and modify configuration settings or reset administrator credentials. An attacker can craft malicious requests that execute with the privileges of a logged-in administrator when visited in their browser. No patch is currently available for this vulnerability.

CSRF W30e Firmware
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Tenda W30E V2 firmware through V16.01.0.19(5037) exposes stored administrative passwords in plaintext on the management interface, allowing any authenticated user to retrieve credentials. This information disclosure affects administrative account security and could enable privilege escalation or lateral movement. No patch is currently available.

Information Disclosure W30e Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Shenzhen Tenda W30E V2 firmware through V16.01.0.19(5037) transmits administrative credentials in plaintext over unencrypted HTTP from the maintenance interface, allowing unauthenticated network attackers to intercept and obtain account credentials. Affected devices lack authentication requirements for accessing this interface, making credential theft trivial for anyone on the same network. No patch is currently available for this vulnerability.

Information Disclosure W30e Firmware
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Default credentials in Tenda W30E V2 router firmware through V16.01.0.19. Known default password enables full administrative access.

Information Disclosure W30e Firmware
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Tenda W30E V2 firmware through version 16.01.0.19(5037) allows authenticated users with low privileges to escalate to administrator by exploiting broken authorization in the user management API, enabling password changes for admin accounts without proper access controls. An attacker with any valid user account can bypass web interface restrictions and gain full administrative access to the device. No patch is currently available for this vulnerability.

Authentication Bypass W30e Firmware
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the String parameter in the formDeleteMeshNode function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Month

Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH POC This Week

Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tenda W30e Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 6% CVSS 8.0
HIGH POC This Week

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection W30e Firmware
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in the fromNatlimit function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 6.7
MEDIUM POC This Month

Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypemanFilter function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC This Week

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password parameter in the formaddUserName function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in Tenda W30E 1.0.1.25(633). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 4% CVSS 8.8
HIGH This Week

A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tenda Command Injection W30e Firmware
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability, which was classified as critical, was found in Tenda W30E 1.0.1.25(633). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tenda W30e Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Command Injection +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function via the function set_wan_status. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Command Injection +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the downaction parameter at /goform/CertListInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the opttype parameter at /goform/IPSECsave. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeClientFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeUrlFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/qossetting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the Go parameter at /goform/SafeMacFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SetIpBind. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/NatStaticSetting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the entries parameter at /goform/addressNat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/webExcptypemanFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/P2pListFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeEmailFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the PPPOEPassword parameter at /goform/QuickIndex. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the mit_ssid_index parameter at /goform/AdvSetWrlsafeset. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /goform/addUserName. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter at /goform/editUserName. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection W30e Firmware
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /goform/exeCommand. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy