W30E
by Tenda
Source repositories
CVEs (61)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-38835 | Cri | 0.64 | 9.8 | 0.02 | Apr 21, 2026 | Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||
| CVE-2024-32286 | Cri | 0.64 | 9.8 | 0.01 | Apr 17, 2024 | Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function. | ||
| CVE-2023-49411 | Cri | 0.64 | 9.8 | 0.01 | Dec 7, 2023 | Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode. | ||
| CVE-2023-49406 | Cri | 0.64 | 9.8 | 0.02 | Dec 7, 2023 | Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet. | ||
| CVE-2023-49405 | Cri | 0.64 | 9.8 | 0.01 | Dec 7, 2023 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg. | ||
| CVE-2023-49404 | Cri | 0.64 | 9.8 | 0.01 | Dec 7, 2023 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet. | ||
| CVE-2023-50002 | Cri | 0.64 | 9.8 | 0.01 | Dec 7, 2023 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode. | ||
| CVE-2023-50001 | Cri | 0.64 | 9.8 | 0.01 | Dec 7, 2023 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline. | ||
| CVE-2023-50000 | Cri | 0.64 | 9.8 | 0.01 | Dec 7, 2023 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode. | ||
| CVE-2023-49999 | Cri | 0.64 | 9.8 | 0.02 | Dec 7, 2023 | Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition. | ||
| CVE-2023-49410 | Cri | 0.64 | 9.8 | 0.01 | Dec 7, 2023 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function via the function set_wan_status. | ||
| CVE-2023-49403 | Cri | 0.64 | 9.8 | 0.02 | Dec 7, 2023 | Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools. | ||
| CVE-2023-49402 | Cri | 0.64 | 9.8 | 0.01 | Dec 7, 2023 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg. | ||
| CVE-2023-25231 | Cri | 0.64 | 9.8 | 0.01 | Feb 27, 2023 | Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface. | ||
| CVE-2022-45506 | Cri | 0.64 | 9.8 | 0.02 | Dec 8, 2022 | Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName. | ||
| CVE-2024-4171 | Hig | 0.57 | 8.8 | 0.01 | Apr 25, 2024 | A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Affected is the function fromWizardHandle of the file /goform/WizardHandle. The manipulation of the argument PPW leads to stack-based buffer overflow. It is possible to launch the attack remotely.… | ||
| CVE-2024-32292 | Hig | 0.57 | 8.8 | 0.02 | Apr 17, 2024 | Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. | ||
| CVE-2024-3882 | Hig | 0.57 | 8.8 | 0.01 | Apr 16, 2024 | A vulnerability was found in Tenda W30E 1.0.1.25(633). It has been classified as critical. Affected is the function fromRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the… | ||
| CVE-2024-3881 | Hig | 0.57 | 8.8 | 0.01 | Apr 16, 2024 | A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified as critical. This issue affects the function frmL7PlotForm of the file /goform/frmL7ProtForm. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely.… | ||
| CVE-2024-3879 | Hig | 0.57 | 8.8 | 0.01 | Apr 16, 2024 | A vulnerability, which was classified as critical, was found in Tenda W30E 1.0.1.25(633). This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack… |
- risk 0.64cvss 9.8epss 0.02
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
- risk 0.64cvss 9.8epss 0.01
Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function.
- risk 0.64cvss 9.8epss 0.01
Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode.
- risk 0.64cvss 9.8epss 0.02
Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet.
- risk 0.64cvss 9.8epss 0.01
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg.
- risk 0.64cvss 9.8epss 0.01
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet.
- risk 0.64cvss 9.8epss 0.01
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode.
- risk 0.64cvss 9.8epss 0.01
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline.
- risk 0.64cvss 9.8epss 0.01
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode.
- risk 0.64cvss 9.8epss 0.02
Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition.
- risk 0.64cvss 9.8epss 0.01
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function via the function set_wan_status.
- risk 0.64cvss 9.8epss 0.02
Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools.
- risk 0.64cvss 9.8epss 0.01
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg.
- risk 0.64cvss 9.8epss 0.01
Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface.
- risk 0.64cvss 9.8epss 0.02
Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName.
- risk 0.57cvss 8.8epss 0.01
A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Affected is the function fromWizardHandle of the file /goform/WizardHandle. The manipulation of the argument PPW leads to stack-based buffer overflow. It is possible to launch the attack remotely.…
- risk 0.57cvss 8.8epss 0.02
Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.
- risk 0.57cvss 8.8epss 0.01
A vulnerability was found in Tenda W30E 1.0.1.25(633). It has been classified as critical. Affected is the function fromRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the…
- risk 0.57cvss 8.8epss 0.01
A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified as critical. This issue affects the function frmL7PlotForm of the file /goform/frmL7ProtForm. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely.…
- risk 0.57cvss 8.8epss 0.01
A vulnerability, which was classified as critical, was found in Tenda W30E 1.0.1.25(633). This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack…
Page 1 of 4