VYPR

W30e Firmware

by Tenda

CVEs (4)

  • CVE-2026-38835CriApr 21, 2026
    risk 0.64cvss 9.8epss 0.02

    Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2026-38834HigApr 21, 2026
    risk 0.49cvss 7.3epss 0.01

    Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_action function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2024-32292Apr 17, 2024
    risk 0.00cvss epss 0.02

    Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.

  • CVE-2024-32293Apr 17, 2024
    risk 0.00cvss epss 0.06

    Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function.