Unrated severityNVD Advisory· Published Jan 26, 2026· Updated Mar 5, 2026
Tenda W30E V2 Missing CSRF Protections for Administrative Actions
CVE-2026-24432
Description
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) lack cross-site request forgery (CSRF) protections on administrative endpoints, including those used to change administrator account credentials. As a result, an attacker can craft malicious requests that, when triggered by an authenticated user’s browser, modify administrative passwords and other configuration settings.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- www.vulncheck.com/advisories/tenda-w30e-v2-missing-csrf-protections-for-administrative-actionsmitrethird-party-advisory
- www.tendacn.com/product/W30Emitreproduct
News mentions
0No linked articles in our index yet.