Details of VAR-202601-4123

ID

VAR-202601-4123

CVE

CVE-2026-24440

TITLE

Shenzhen Tenda Technology Co.,Ltd. of w30e Unverified password change vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-002121

DESCRIPTION

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized password changes when access to the affected endpoint is obtained. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-24440 // JVNDB: JVNDB-2026-002121

AFFECTED PRODUCTS

vendor:	tenda	model:	w30e	scope:	lte	version:	16.01.0.19\(5037\)	Trust: 1.0
vendor:	tenda	model:	w30e	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	w30e	scope:	lte	version:	w30e firmware 16.01.0.19¥(5037¥) and earlier	Trust: 0.8
vendor:	tenda	model:	w30e	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-002121 // NVD: CVE-2026-24440

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2026-24440
value:	HIGH
Trust: 1.0
disclosure@vulncheck.com:	CVE-2026-24440
value:	HIGH
Trust: 1.0
NVD:	CVE-2026-24440
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2026-24440
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2026-24440
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-002121 // NVD: CVE-2026-24440 // NVD: CVE-2026-24440

PROBLEMTYPE DATA

problemtype:	CWE-620	Trust: 1.0
problemtype:	Unverified password change (CWE-620) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-002121 // NVD: CVE-2026-24440

PATCH

title:

Page Not Found | VulnCheck

url:

https://www.vulncheck.com/advisories/tenda-w30e-v2-allows-password-change-without-verifying-current-password

Trust: 0.8

sources: JVNDB: JVNDB-2026-002121

EXTERNAL IDS

db:	NVD	id:	CVE-2026-24440	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-002121	Trust: 0.8

sources: JVNDB: JVNDB-2026-002121 // NVD: CVE-2026-24440

REFERENCES

url:	https://www.tendacn.com/product/w30e	Trust: 1.8
url:	https://www.vulncheck.com/advisories/tenda-w30e-v2-allows-password-change-without-verifying-current-password	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-24440	Trust: 0.8

sources: JVNDB: JVNDB-2026-002121 // NVD: CVE-2026-24440

SOURCES

db:	JVNDB	id:	JVNDB-2026-002121
db:	NVD	id:	CVE-2026-24440

LAST UPDATE DATE

2026-01-31T23:44:01.377000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-002121	date:	2026-01-30T05:12:00
db:	NVD	id:	CVE-2026-24440	date:	2026-01-28T19:20:05.660

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-002121	date:	2026-01-30T00:00:00
db:	NVD	id:	CVE-2026-24440	date:	2026-01-26T18:16:41.637