PT-2026-4790 · Tenda · Tenda W30E
Kazuma Matsumoto
·
Published
2026-01-26
·
Updated
2026-01-26
·
CVE-2026-24430
CVSS v4.0
8.2
High
| Vector | AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037)
Description
The firmware discloses sensitive account credentials in cleartext within HTTP responses generated by the maintenance interface. The management interface is accessible over unencrypted HTTP by default, potentially exposing credentials to network-based interception.
Recommendations
Update to a firmware version newer than V16.01.0.19(5037).
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tenda W30E