PT-2026-4803 · Tenda · Tenda W30E
Kazuma Matsumoto
·
Publicado
2026-01-26
·
Atualizado
2026-01-26
·
CVE-2026-24439
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037)
Description
The web management interfaces of the affected device do not include the X-Content-Type-Options: nosniff response header. This can allow browsers that perform MIME sniffing to incorrectly interpret responses influenced by an attacker as executable script.
Recommendations
Update to a firmware version newer than V16.01.0.19(5037).
Correção
Improper Encoding or Escaping of Output
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Tenda W30E