CVE-2026-24436
9.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Shenzhen Tenda Technology Co., Ltd. | W30E V2 | 0 <= 16.01.0.19(5037) | affected |
Weaknesses
- CWE-307: CWE-307 Improper Restriction of Excessive Authentication Attempts
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.tendacn.com/product/W30E
- https://www.vulncheck.com/advisories/tenda-w30e-v2-lacks-rate-limiting-on-authentication
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.