Tenda W30e Firmware

Tenda W30E V2 (<=16.01.0.19) Insecure CORS on Authenticated Admin
CVE-2026-24435 - January 26, 2026

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) implement an insecure Cross-Origin Resource Sharing (CORS) policy on authenticated administrative endpoints. The device sets Access-Control-Allow-Origin: * in combination with Access-Control-Allow-Credentials: true, allowing attacker-controlled origins to issue credentialed cross-origin requests.

Permissive Cross-domain Policy with Untrusted Domains

Tenda W30E V2 v<=16.01.0.19: X-CTO Missing on Web UI
CVE-2026-24439 - January 26, 2026

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced responses as executable script.

Output Sanitization

CSRF on admin endpoints in Shenzhen Tenda W30E V2 firmware 16.01.0.19
CVE-2026-24432 - January 26, 2026

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) lack cross-site request forgery (CSRF) protections on administrative endpoints, including those used to change administrator account credentials. As a result, an attacker can craft malicious requests that, when triggered by an authenticated users browser, modify administrative passwords and other configuration settings.

Session Riding

Shenzhen Tenda W30E V2 XSS in Admin User Creation (v16.01.0.19(5037))
CVE-2026-24433 - January 26, 2026

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain a stored cross-site scripting vulnerability in the user creation functionality. Insufficient input validation allows attacker-controlled script content to be stored and later executed when administrative users access the affected management pages.

XSS

Plaintext Password Leak in Shenzhen Tenda W30E V2 (16.01.0.19) Admin UI
CVE-2026-24431 - January 26, 2026

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials.

Cleartext Storage of Sensitive Information in GUI

Cache-Control Flaw Exposes Credentials in Tenda W30E V2 (16.01.0.19)
CVE-2026-24437 - January 26, 2026

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized access.

Use of Web Browser Cache Containing Sensitive Information

Shenzhen Tenda W30E V2 Unrestricted Brute-Force Auth (16.01.0.19)
CVE-2026-24436 - January 26, 2026

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials.

Improper Restriction of Excessive Authentication Attempts

Tenda W30E V2 Auth Bypass in User Mgmt API (V16.01.0.19)
CVE-2026-24428 - January 26, 2026

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the backend endpoint, an attacker can bypass role-based restrictions enforced by the web interface and obtain full administrative privileges.

AuthZ

Shenzhen Tenda W30E V2: Credentials In Cleartext over HTTP (16.01.0.19)
CVE-2026-24430 - January 26, 2026

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) disclose sensitive account credentials in cleartext within HTTP responses generated by the maintenance interface. Because the management interface is accessible over unencrypted HTTP by default, credentials may be exposed to network-based interception.

Insertion of Sensitive Information Into Sent Data

Tenda W30E V2 Router Default Password Vulnerability (Pre-16.01.0.19)
CVE-2026-24429 - January 26, 2026

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) ship with a predefined default password for a built-in authentication account that is not required to be changed during initial configuration. An attacker can leverage these default credentials to gain authenticated access to the management interface.

1393

Unauthorized pwd changes via maintenance interface in Tenda W30E V2 <=16.01.0.19
CVE-2026-24440 - January 26, 2026

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized password changes when access to the affected endpoint is obtained.

Unverified Password Change

Tenda W30E v2.0 Hardcoded Password Vulnerability in /etc_ro/shadow
CVE-2024-52789 - November 19, 2024

Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.

Stack Buffer Overflow in Tenda W30E 1.0/1.0.1.25 WizardHandle via PPW
CVE-2024-4171 - April 25, 2024

A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Affected is the function fromWizardHandle of the file /goform/WizardHandle. The manipulation of the argument PPW leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Stack Overflow

Stack Overflow in Tenda W30E v1.0.1.25 via 'page' param
CVE-2024-32290 - April 17, 2024

Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function.

Tenda W30E v1.0: stack overflow in fromNatlimit via page param
CVE-2024-32291 - April 17, 2024

Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in the fromNatlimit function.

Tenda W30E 1.0.1.25 CMD Injection via formexeCommand cmdinput
CVE-2024-32292 - April 17, 2024

Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.

Tenda W30E v1.0 stack overflow via page param in fromDhcpListClient
CVE-2024-32293 - April 17, 2024

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function.

Tenda W30E 1.0.1.25 stack overflow via formaddUserName password
CVE-2024-32285 - April 17, 2024

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password parameter in the formaddUserName function.

Tenda W30E v1.0 IoT Router: stack overflow via page param in fromVirtualSer
CVE-2024-32286 - April 17, 2024

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function.

Stack Overflow via qos in Tenda W30E v1.0.1.25 firmware
CVE-2024-32287 - April 17, 2024

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function.

Tenda W30E stack overflow via page param in firmware v1.0.1.25
CVE-2024-32288 - April 17, 2024

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypemanFilter function.

Tenda W30E 1.0.1.25 Stack Buffer Overflow in /goform/frmL7ProtForm
CVE-2024-3881 8.8 - High - April 16, 2024

A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified as critical. This issue affects the function frmL7PlotForm of the file /goform/frmL7ProtForm. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260915. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Critical stack buffer overflow in Tenda W30E 1.0.1.25(633) fromRouteStatic
CVE-2024-3882 8.8 - High - April 16, 2024

A vulnerability was found in Tenda W30E 1.0.1.25(633). It has been classified as critical. Affected is the function fromRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260916. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Critical OS Command Injection in Tenda W30E 1.0.1.25 /goform/WriteFacMac
CVE-2024-3880 8.8 - High - April 16, 2024

A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260914 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Shell injection

Critical stack-based buffer overflow in Tenda W30E 1.0.1.25(633) formSetCfm
CVE-2024-3879 8.8 - High - April 16, 2024

A vulnerability, which was classified as critical, was found in Tenda W30E 1.0.1.25(633). This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260913 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda W30E v16.01.0.12 stack overflow via formAdvancedSetListSet
CVE-2023-49404 9.8 - Critical - December 07, 2023

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet.

Memory Corruption

Tenda W30E V1.0.1.25 Buffer Overflow in fromRouteStatic
CVE-2023-25231 9.8 - Critical - February 27, 2023

Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface.

Memory Corruption

Stack Overflow in Tenda W30E V1.0.1.25 via Go param in /goform/SafeMacFilter
CVE-2022-45519 7.5 - High - December 08, 2022

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the Go parameter at /goform/SafeMacFilter.

Memory Corruption

Tenda W30E V1.0.1.25 Stack Overflow via /goform/NatStaticSetting
CVE-2022-45516 7.5 - High - December 08, 2022

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/NatStaticSetting.

Memory Corruption

Tenda W30E V1.0.1.25 stack overflow on goform/addressNat entries
CVE-2022-45515 7.5 - High - December 08, 2022

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the entries parameter at /goform/addressNat.

Memory Corruption

Tenda W30E v1.0.1.25 Stack Overflow via /goform/webExcptypemanFilter
CVE-2022-45514 7.5 - High - December 08, 2022

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/webExcptypemanFilter.

Memory Corruption

Tenda W30E v1.0.1.25 stack overflow in CertListInfo
CVE-2022-45525 7.5 - High - December 08, 2022

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the downaction parameter at /goform/CertListInfo.

Memory Corruption

Stack Overflow in Tenda W30E V1.0.1.25 via opttype in /goform/IPSECsave
CVE-2022-45524 7.5 - High - December 08, 2022

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the opttype parameter at /goform/IPSECsave.

Memory Corruption

Stack Overflow via /goform/L7Im in Tenda W30E V1.0.1.25
CVE-2022-45523 7.5 - High - December 08, 2022

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im.

Memory Corruption

Tenda W30E V1.0.1.25 SafeClientFilter Stack Overflow (CVE-2022-45522)
CVE-2022-45522 7.5 - High - December 08, 2022

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeClientFilter.

Memory Corruption

Stack Overflow in Tenda W30E /goform/SafeUrlFilter (V1.0.1.25)
CVE-2022-45521 7.5 - High - December 08, 2022

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeUrlFilter.

Memory Corruption

Tenda W30E V1.0.1.25 Stack Overflow via /goform/qossetting
CVE-2022-45520 7.5 - High - December 08, 2022

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/qossetting.

Memory Corruption

Tenda W30E V1.0.1.25 Stack Overflow via /goform/P2pListFilter (page param)
CVE-2022-45513 7.5 - High - December 08, 2022

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/P2pListFilter.

Memory Corruption

Tenda W30E V1.0.1.25 Stack Overflow via /goform/SetIpBind
CVE-2022-45518 7.5 - High - December 08, 2022

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SetIpBind.

Memory Corruption

Stack Overflow in Tenda W30E V1.0.1.25: /goform/VirtualSer 'page' param
CVE-2022-45517 7.5 - High - December 08, 2022

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer.

Memory Corruption

Tenda W30E V1.0.1.25 Stack Overflow via cmdinput /goform/exeCommand
CVE-2022-45505 7.5 - High - December 08, 2022

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /goform/exeCommand.

Memory Corruption

Command Injection Tenda W30E v1.0.1.25 via fileNameMit
CVE-2022-45506 9.8 - Critical - December 08, 2022

Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName.

Shell injection

Stack Overflow in Tenda W30E V1.0.1.25 via /goform/editFileName (CVE-2022-45507)
CVE-2022-45507 7.5 - High - December 08, 2022

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName.

Memory Corruption

Tenda W30E V1.0.1.25 Stack Overflow via new_account
CVE-2022-45508 7.5 - High - December 08, 2022

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter at /goform/editUserName.

Memory Corruption

Tenda W30E 1.0.1.25 Stack Overflow via /goform/addUserName
CVE-2022-45509 7.5 - High - December 08, 2022

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /goform/addUserName.

Memory Corruption

Stack Overflow via mit_ssid_index in AdvSetWrlsafeset: Tenda W30E V1.0.1.25
CVE-2022-45510 7.5 - High - December 08, 2022

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the mit_ssid_index parameter at /goform/AdvSetWrlsafeset.

Memory Corruption

Stack Overflow in Tenda W30E V1.0.1.25 via /goform/QuickIndex
CVE-2022-45511 7.5 - High - December 08, 2022

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the PPPOEPassword parameter at /goform/QuickIndex.

Memory Corruption

Tenda W30E Stack Overflow via SafeEmailFilter page param (V1.0.1.25)
CVE-2022-45512 7.5 - High - December 08, 2022

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeEmailFilter.

Memory Corruption