PT-2026-4801 · Tenda · Tenda W30E V2
Kazuma Matsumoto · Published 2026-01-26 · Updated 2026-01-26 · CVE-2026-24432
CVSS v4.0: 5.1 Medium
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Shenzhen Tenda W30E V2 versions up to and including V16.01.0.19(5037)
Description
The device lacks cross-site request forgery (CSRF) protections on administrative endpoints. This allows an attacker to craft malicious requests that, when executed by an authenticated user, can modify administrative passwords and other configuration settings. The affected endpoints include those used to change administrator account credentials.
Recommendations
Update to a version newer than V16.01.0.19(5037).
Fix
CSRF
Affected Products
Tenda W30E V2