CVE-2026-24440
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized password changes when access to the affected endpoint is obtained.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Shenzhen Tenda Technology Co., Ltd. | W30E V2 | 0 <= 16.01.0.19(5037) | affected |
Weaknesses
- CWE-620: CWE-620 Unverified Password Change
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.tendacn.com/product/W30E
- https://www.vulncheck.com/advisories/tenda-w30e-v2-allows-password-change-without-verifying-current-password
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.