ID

VAR-202601-4122


CVE

CVE-2026-24436


TITLE

Improper restriction of excessive authentication attempts vulnerability in Shenzhen Tenda Technology Co., Ltd. W30E firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-002124

DESCRIPTION

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials. All information handled by the software may be rewritten, and the software may stop working completely. Attacks that exploit this vulnerability do not affect other software.

Trust: 1.62

sources: NVD: CVE-2026-24436 // JVNDB: JVNDB-2026-002124

AFFECTED PRODUCTS

vendor: tenda, model: w30e, scope: lte, version: 16.01.0.19\(5037\)

Trust: 1.0

vendor: tenda, model: w30e, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: w30e, scope: lte, version: w30e firmware 16.01.0.19(5037) and earlier

Trust: 0.8

vendor: tenda, model: w30e, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-002124 // NVD: CVE-2026-24436

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2026-24436
value: CRITICAL

Trust: 1.0

disclosure@vulncheck.com: CVE-2026-24436
value: CRITICAL

Trust: 1.0

NVD: CVE-2026-24436
value: CRITICAL

Trust: 0.8

nvd@nist.gov: CVE-2026-24436
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2026-24436
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-002124 // NVD: CVE-2026-24436 // NVD: CVE-2026-24436

PROBLEMTYPE DATA

problemtype: CWE-307

Trust: 1.0

problemtype: Inappropriate limitation of excessive authentication attempts (CWE-307) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-002124 // NVD: CVE-2026-24436

PATCH

title: Page Not Found | VulnCheck, url: https://www.vulncheck.com/advisories/tenda-w30e-v2-lacks-rate-limiting-on-authentication

Trust: 0.8

sources: JVNDB: JVNDB-2026-002124

EXTERNAL IDS

db: NVD, id: CVE-2026-24436

Trust: 2.6

db: JVNDB, id: JVNDB-2026-002124

Trust: 0.8

sources: JVNDB: JVNDB-2026-002124 // NVD: CVE-2026-24436

REFERENCES

url: https://www.tendacn.com/product/w30e

Trust: 1.8

url: https://www.vulncheck.com/advisories/tenda-w30e-v2-lacks-rate-limiting-on-authentication

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2026-24436

Trust: 0.8

sources: JVNDB: JVNDB-2026-002124 // NVD: CVE-2026-24436

SOURCES

db: JVNDB, id: JVNDB-2026-002124
db: NVD, id: CVE-2026-24436

LAST UPDATE DATE

2026-01-31T23:37:49.020000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2026-002124, date: 2026-01-30T05:12:00
db: NVD, id: CVE-2026-24436, date: 2026-01-28T19:57:17.200

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2026-002124, date: 2026-01-30T00:00:00
db: NVD, id: CVE-2026-24436, date: 2026-01-26T18:16:41.167