Filtered by vendor Tenda
Subscriptions
Filtered by product W30e
Subscriptions
Total
53 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24432 | 1 Tenda | 1 W30e | 2026-01-27 | N/A |
| Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) lack cross-site request forgery (CSRF) protections on administrative endpoints, including those used to change administrator account credentials. As a result, an attacker can craft malicious requests that, when triggered by an authenticated user’s browser, modify administrative passwords and other configuration settings. | ||||
| CVE-2026-24435 | 1 Tenda | 1 W30e | 2026-01-27 | N/A |
| Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) implement an insecure Cross-Origin Resource Sharing (CORS) policy on authenticated administrative endpoints. The device sets Access-Control-Allow-Origin: * in combination with Access-Control-Allow-Credentials: true, allowing attacker-controlled origins to issue credentialed cross-origin requests. | ||||
| CVE-2026-24439 | 1 Tenda | 1 W30e | 2026-01-27 | N/A |
| Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced responses as executable script. | ||||
| CVE-2025-57087 | 1 Tenda | 2 W30e, W30e Firmware | 2025-09-18 | 7.5 High |
| Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-57085 | 1 Tenda | 2 W30e, W30e Firmware | 2025-09-17 | 9.8 Critical |
| Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-57086 | 1 Tenda | 2 W30e, W30e Firmware | 2025-09-17 | 7.5 High |
| Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the String parameter in the formDeleteMeshNode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2024-4171 | 1 Tenda | 2 W30e, W30e Firmware | 2025-07-15 | 8.8 High |
| A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Affected is the function fromWizardHandle of the file /goform/WizardHandle. The manipulation of the argument PPW leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-49404 | 1 Tenda | 2 W30e, W30e Firmware | 2025-05-28 | 9.8 Critical |
| Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet. | ||||
| CVE-2022-45525 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the downaction parameter at /goform/CertListInfo. | ||||
| CVE-2022-45524 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the opttype parameter at /goform/IPSECsave. | ||||
| CVE-2022-45523 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im. | ||||
| CVE-2022-45522 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeClientFilter. | ||||
| CVE-2022-45521 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeUrlFilter. | ||||
| CVE-2022-45520 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/qossetting. | ||||
| CVE-2022-45519 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the Go parameter at /goform/SafeMacFilter. | ||||
| CVE-2022-45518 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SetIpBind. | ||||
| CVE-2022-45517 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer. | ||||
| CVE-2022-45516 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/NatStaticSetting. | ||||
| CVE-2022-45515 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the entries parameter at /goform/addressNat. | ||||
| CVE-2022-45514 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | 7.5 High |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/webExcptypemanFilter. | ||||