VYPR

W30E

by Tenda

Source repositories

CVEs (61)

  • CVE-2022-45510HigDec 8, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the mit_ssid_index parameter at /goform/AdvSetWrlsafeset.

  • CVE-2022-45509HigDec 8, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /goform/addUserName.

  • CVE-2022-45508HigDec 8, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter at /goform/editUserName.

  • CVE-2022-45507HigDec 8, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName.

  • CVE-2022-45505HigDec 8, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /goform/exeCommand.

  • CVE-2024-32290MedApr 17, 2024
    risk 0.44cvss 6.7epss 0.01

    Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function.

  • CVE-2024-32287MedApr 17, 2024
    risk 0.42cvss 6.5epss 0.01

    Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function.

  • CVE-2024-32288MedApr 17, 2024
    risk 0.41cvss 6.3epss 0.00

    Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypemanFilter function.

  • CVE-2024-3880MedApr 16, 2024
    risk 0.41cvss 6.3epss 0.04

    A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated…

  • CVE-2026-24439Jan 26, 2026
    risk 0.00cvss epss 0.00

    Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced…

  • CVE-2026-24432Jan 26, 2026
    risk 0.00cvss epss 0.00

    Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) lack cross-site request forgery (CSRF) protections on administrative endpoints, including those used to change administrator account credentials. As a result, an attacker can craft malicious requests…

  • CVE-2026-24433Jan 26, 2026
    risk 0.00cvss epss 0.00

    Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain a stored cross-site scripting vulnerability in the user creation functionality. Insufficient input validation allows attacker-controlled script content to be stored and later executed when…

  • CVE-2026-24431Jan 26, 2026
    risk 0.00cvss epss 0.00

    Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials.

  • CVE-2026-24437Jan 26, 2026
    risk 0.00cvss epss 0.00

    Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized…

  • CVE-2026-24428Jan 26, 2026
    risk 0.00cvss epss 0.00

    Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the…

  • CVE-2026-24430Jan 26, 2026
    risk 0.00cvss epss 0.00

    Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) disclose sensitive account credentials in cleartext within HTTP responses generated by the maintenance interface. Because the management interface is accessible over unencrypted HTTP by default,…

  • CVE-2026-24429Jan 26, 2026
    risk 0.00cvss epss 0.00

    Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) ship with a predefined default password for a built-in authentication account that is not required to be changed during initial configuration. An attacker can leverage these default credentials to…

  • CVE-2026-24440Jan 26, 2026
    risk 0.00cvss epss 0.00

    Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized password changes when access to the affected…

  • CVE-2025-57085Sep 9, 2025
    risk 0.00cvss epss 0.00

    Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • CVE-2025-57087Sep 9, 2025
    risk 0.00cvss epss 0.00

    Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.