PT-2026-4803 · Tenda · Tenda W30E
Kazuma Matsumoto
·
Published
2026-01-26
·
Updated
2026-01-26
·
CVE-2026-24439
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037)
Description
The web management interfaces of the affected device do not include the X-Content-Type-Options: nosniff response header. This can allow browsers that perform MIME sniffing to incorrectly interpret responses influenced by an attacker as executable script.
Recommendations
Update to a firmware version newer than V16.01.0.19(5037).
Fix
Improper Encoding or Escaping of Output
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tenda W30E