PT-2026-24098 · Tenda · Tenda W15E

Jhx-Ui

Published

2026-03-09

Updated

2026-03-09

CVE-2026-30140

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Tenda W15E version V02.03.01.26 cn

Description An incorrect access control issue exists that allows an unauthenticated attacker to access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint. This access enables the download of the configuration file, which contains administrator credentials in plaintext. Successful exploitation can lead to sensitive information disclosure and potential remote administrative access.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint.

Exploit

Fix

LPE

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2026-30140

Affected Products

Tenda W15E

PT-2026-24098 · Tenda · Tenda W15E

CVE-2026-30140

Weakness Enumeration

Related Identifiers

Affected Products

References · 5