CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-24433

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain a stored cross-site scripting vulnerability in the user creation functionality. Insufficient input validation allows attacker-controlled script content to be stored and later executed when administrative users access the affected management pages.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 2.5%

CVSS Severity

CVSS v3 Score 5.4

References

Products affected by CVE-2026-24433

Tenda » W30e » Version: 2.0

cpe:2.3:h:tenda:w30e:2.0
Tenda » W30e Firmware » Version: 1.0.0.4(510)

cpe:2.3:o:tenda:w30e_firmware:1.0.0.4(510)
Tenda » W30e Firmware » Version: 1.0.1.25

cpe:2.3:o:tenda:w30e_firmware:1.0.1.25
Tenda » W30e Firmware » Version: 1.0.1.25(633)

cpe:2.3:o:tenda:w30e_firmware:1.0.1.25(633)
Tenda » W30e Firmware » Version: 16.01.0.12(4843)

cpe:2.3:o:tenda:w30e_firmware:16.01.0.12(4843)
Tenda » W30e Firmware » Version: 16.01.0.19(5037)

cpe:2.3:o:tenda:w30e_firmware:16.01.0.19(5037)
Tenda » W30e Firmware » Version: 16.01.0.8

cpe:2.3:o:tenda:w30e_firmware:16.01.0.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-24433

Products

Pricing

Contact Us