Details of VAR-202601-4121

ID

VAR-202601-4121

CVE

CVE-2026-24430

TITLE

Shenzhen Tenda Technology Co.,Ltd. of w30e Firmware vulnerability related to the injection of sensitive information into transmitted data

Trust: 0.8

sources: JVNDB: JVNDB-2026-002128

DESCRIPTION

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) disclose sensitive account credentials in cleartext within HTTP responses generated by the maintenance interface. Because the management interface is accessible over unencrypted HTTP by default, credentials may be exposed to network-based interception. HTTP This allows credentials to be intercepted over the network.All information handled by the software may be leaked to the outside. In addition, information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-24430 // JVNDB: JVNDB-2026-002128

AFFECTED PRODUCTS

vendor:	tenda	model:	w30e	scope:	lte	version:	16.01.0.19\(5037\)	Trust: 1.0
vendor:	tenda	model:	w30e	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	w30e	scope:	lte	version:	w30e firmware 16.01.0.19¥(5037¥) and earlier	Trust: 0.8
vendor:	tenda	model:	w30e	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-002128 // NVD: CVE-2026-24430

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2026-24430
value:	HIGH
Trust: 1.0
disclosure@vulncheck.com:	CVE-2026-24430
value:	HIGH
Trust: 1.0
NVD:	CVE-2026-24430
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2026-24430
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2026-24430
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-002128 // NVD: CVE-2026-24430 // NVD: CVE-2026-24430

PROBLEMTYPE DATA

problemtype:	CWE-201	Trust: 1.0
problemtype:	Inserting important information into transmitted data (CWE-201) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-002128 // NVD: CVE-2026-24430

PATCH

title:

Page Not Found | VulnCheck

url:

https://www.vulncheck.com/advisories/tenda-w30e-v2-http-responses-expose-plaintext-credentials

Trust: 0.8

sources: JVNDB: JVNDB-2026-002128

EXTERNAL IDS

db:	NVD	id:	CVE-2026-24430	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-002128	Trust: 0.8

sources: JVNDB: JVNDB-2026-002128 // NVD: CVE-2026-24430

REFERENCES

url:	https://www.tendacn.com/product/w30e	Trust: 1.8
url:	https://www.vulncheck.com/advisories/tenda-w30e-v2-http-responses-expose-plaintext-credentials	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-24430	Trust: 0.8

sources: JVNDB: JVNDB-2026-002128 // NVD: CVE-2026-24430

SOURCES

db:	JVNDB	id:	JVNDB-2026-002128
db:	NVD	id:	CVE-2026-24430

LAST UPDATE DATE

2026-01-31T23:21:53.382000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-002128	date:	2026-01-30T05:12:00
db:	NVD	id:	CVE-2026-24430	date:	2026-01-28T20:16:51.880

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-002128	date:	2026-01-30T00:00:00
db:	NVD	id:	CVE-2026-24430	date:	2026-01-26T18:16:40.423