W30E
by Tenda
Source repositories
CVEs (61)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-45510 | Hig | 0.49 | 7.5 | 0.01 | Dec 8, 2022 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the mit_ssid_index parameter at /goform/AdvSetWrlsafeset. | ||
| CVE-2022-45509 | Hig | 0.49 | 7.5 | 0.01 | Dec 8, 2022 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /goform/addUserName. | ||
| CVE-2022-45508 | Hig | 0.49 | 7.5 | 0.01 | Dec 8, 2022 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter at /goform/editUserName. | ||
| CVE-2022-45507 | Hig | 0.49 | 7.5 | 0.01 | Dec 8, 2022 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName. | ||
| CVE-2022-45505 | Hig | 0.49 | 7.5 | 0.01 | Dec 8, 2022 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /goform/exeCommand. | ||
| CVE-2024-32290 | Med | 0.44 | 6.7 | 0.01 | Apr 17, 2024 | Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function. | ||
| CVE-2024-32287 | Med | 0.42 | 6.5 | 0.01 | Apr 17, 2024 | Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function. | ||
| CVE-2024-32288 | Med | 0.41 | 6.3 | 0.00 | Apr 17, 2024 | Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypemanFilter function. | ||
| CVE-2024-3880 | Med | 0.41 | 6.3 | 0.04 | Apr 16, 2024 | A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated… | ||
| CVE-2026-24439 | 0.00 | — | 0.00 | Jan 26, 2026 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced… | |||
| CVE-2026-24432 | 0.00 | — | 0.00 | Jan 26, 2026 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) lack cross-site request forgery (CSRF) protections on administrative endpoints, including those used to change administrator account credentials. As a result, an attacker can craft malicious requests… | |||
| CVE-2026-24433 | 0.00 | — | 0.00 | Jan 26, 2026 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain a stored cross-site scripting vulnerability in the user creation functionality. Insufficient input validation allows attacker-controlled script content to be stored and later executed when… | |||
| CVE-2026-24431 | 0.00 | — | 0.00 | Jan 26, 2026 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials. | |||
| CVE-2026-24437 | 0.00 | — | 0.00 | Jan 26, 2026 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized… | |||
| CVE-2026-24428 | 0.00 | — | 0.00 | Jan 26, 2026 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the… | |||
| CVE-2026-24430 | 0.00 | — | 0.00 | Jan 26, 2026 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) disclose sensitive account credentials in cleartext within HTTP responses generated by the maintenance interface. Because the management interface is accessible over unencrypted HTTP by default,… | |||
| CVE-2026-24429 | 0.00 | — | 0.00 | Jan 26, 2026 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) ship with a predefined default password for a built-in authentication account that is not required to be changed during initial configuration. An attacker can leverage these default credentials to… | |||
| CVE-2026-24440 | 0.00 | — | 0.00 | Jan 26, 2026 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized password changes when access to the affected… | |||
| CVE-2025-57085 | 0.00 | — | 0.00 | Sep 9, 2025 | Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||
| CVE-2025-57087 | 0.00 | — | 0.00 | Sep 9, 2025 | Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. |
- risk 0.49cvss 7.5epss 0.01
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the mit_ssid_index parameter at /goform/AdvSetWrlsafeset.
- risk 0.49cvss 7.5epss 0.01
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /goform/addUserName.
- risk 0.49cvss 7.5epss 0.01
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter at /goform/editUserName.
- risk 0.49cvss 7.5epss 0.01
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName.
- risk 0.49cvss 7.5epss 0.01
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /goform/exeCommand.
- risk 0.44cvss 6.7epss 0.01
Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function.
- risk 0.42cvss 6.5epss 0.01
Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function.
- risk 0.41cvss 6.3epss 0.00
Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypemanFilter function.
- risk 0.41cvss 6.3epss 0.04
A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated…
- CVE-2026-24439Jan 26, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced…
- CVE-2026-24432Jan 26, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) lack cross-site request forgery (CSRF) protections on administrative endpoints, including those used to change administrator account credentials. As a result, an attacker can craft malicious requests…
- CVE-2026-24433Jan 26, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain a stored cross-site scripting vulnerability in the user creation functionality. Insufficient input validation allows attacker-controlled script content to be stored and later executed when…
- CVE-2026-24431Jan 26, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials.
- CVE-2026-24437Jan 26, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized…
- CVE-2026-24428Jan 26, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the…
- CVE-2026-24430Jan 26, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) disclose sensitive account credentials in cleartext within HTTP responses generated by the maintenance interface. Because the management interface is accessible over unencrypted HTTP by default,…
- CVE-2026-24429Jan 26, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) ship with a predefined default password for a built-in authentication account that is not required to be changed during initial configuration. An attacker can leverage these default credentials to…
- CVE-2026-24440Jan 26, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized password changes when access to the affected…
- CVE-2025-57085Sep 9, 2025risk 0.00cvss —epss 0.00
Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-57087Sep 9, 2025risk 0.00cvss —epss 0.00
Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Page 3 of 4