Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-24428

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the backend endpoint, an attacker can bypass role-based restrictions enforced by the web interface and obtain full administrative privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.4%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2026-24428
  • Tenda » W30e » Version: 2.0
    cpe:2.3:h:tenda:w30e:2.0
  • Tenda » W30e Firmware » Version: 1.0.0.4(510)
    cpe:2.3:o:tenda:w30e_firmware:1.0.0.4(510)
  • Tenda » W30e Firmware » Version: 1.0.1.25
    cpe:2.3:o:tenda:w30e_firmware:1.0.1.25
  • Tenda » W30e Firmware » Version: 1.0.1.25(633)
    cpe:2.3:o:tenda:w30e_firmware:1.0.1.25(633)
  • Tenda » W30e Firmware » Version: 16.01.0.12(4843)
    cpe:2.3:o:tenda:w30e_firmware:16.01.0.12(4843)
  • Tenda » W30e Firmware » Version: 16.01.0.19(5037)
    cpe:2.3:o:tenda:w30e_firmware:16.01.0.19(5037)
  • Tenda » W30e Firmware » Version: 16.01.0.8
    cpe:2.3:o:tenda:w30e_firmware:16.01.0.8


Products
Pricing
Contact Us

Shodan ® - All rights reserved