PT-2026-4793 · Tenda · Tenda W30E
Kazuma Matsumoto · Published 2026-01-26 · Updated 2026-01-26 · CVE-2026-24436
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037)
Description
The firmware does not implement rate limiting or account lockout features on authentication endpoints. This allows attackers to attempt unrestricted brute-force attacks against administrative credentials. The affected device is used in home and small office networks.
Recommendations
Update to a firmware version newer than V16.01.0.19(5037).
Weakness Enumeration
Improper Restriction of Excessive Authentication Attempts
Affected Products
Tenda W30E