CVE-2026-38834

Name of the Vulnerable Software and Affected Versions Tenda W30E V2.0 version V16.01.0.21

Description Command injection is possible in the do ping action() function through the hostName parameter. This allows attackers to execute arbitrary commands by sending a crafted request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.