CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-24435

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) implement an insecure Cross-Origin Resource Sharing (CORS) policy on authenticated administrative endpoints. The device sets Access-Control-Allow-Origin: * in combination with Access-Control-Allow-Credentials: true, allowing attacker-controlled origins to issue credentialed cross-origin requests.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.9%

CVSS Severity

CVSS v3 Score 6.5

References

Products affected by CVE-2026-24435

Tenda » W30e » Version: 2.0

cpe:2.3:h:tenda:w30e:2.0
Tenda » W30e Firmware » Version: 1.0.0.4(510)

cpe:2.3:o:tenda:w30e_firmware:1.0.0.4(510)
Tenda » W30e Firmware » Version: 1.0.1.25

cpe:2.3:o:tenda:w30e_firmware:1.0.1.25
Tenda » W30e Firmware » Version: 1.0.1.25(633)

cpe:2.3:o:tenda:w30e_firmware:1.0.1.25(633)
Tenda » W30e Firmware » Version: 16.01.0.12(4843)

cpe:2.3:o:tenda:w30e_firmware:16.01.0.12(4843)
Tenda » W30e Firmware » Version: 16.01.0.19(5037)

cpe:2.3:o:tenda:w30e_firmware:16.01.0.19(5037)
Tenda » W30e Firmware » Version: 16.01.0.8

cpe:2.3:o:tenda:w30e_firmware:16.01.0.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-24435

Products

Pricing

Contact Us