Shodan
Vulnerabilities
Vulnerable Software
Tenda:  >> W30e Firmware  Security Vulnerabilities
CVE-2024-52789
Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.
CVSS Score
8.0
EPSS Score
0.0
Published
2024-11-19
CVE-2024-32291
Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in the fromNatlimit function.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-04-17
CVE-2024-32292
Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.
CVSS Score
8.8
EPSS Score
0.008
Published
2024-04-17
CVE-2024-32293
Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-04-17
CVE-2024-32285
Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password parameter in the formaddUserName function.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-04-17
CVE-2024-32286
Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-04-17
CVE-2024-32287
Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-04-17
CVE-2024-32288
Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypemanFilter function.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-04-17
CVE-2024-32290
Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function.
CVSS Score
6.7
EPSS Score
0.001
Published
2024-04-17
CVE-2024-3881
A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified as critical. This issue affects the function frmL7PlotForm of the file /goform/frmL7ProtForm. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260915. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-04-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved