Sign-up

ID

VAR-202601-4127


CVE

CVE-2026-24437


TITLE

Shenzhen Tenda Technology Co.,Ltd. of w30e  Contains important information about the firmware  Web  Browser cache usage vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2026-002123

DESCRIPTION

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized access. In addition, information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-24437 // JVNDB: JVNDB-2026-002123

AFFECTED PRODUCTS

vendor:tendamodel:w30escope:lteversion:16.01.0.19\(5037\)

Trust: 1.0

vendor:tendamodel:w30escope:eqversion: -

Trust: 0.8

vendor:tendamodel:w30escope:lteversion:w30e firmware 16.01.0.19¥(5037¥) and earlier

Trust: 0.8

vendor:tendamodel:w30escope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-002123 // NVD: CVE-2026-24437

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2026-24437
value: MEDIUM

Trust: 1.0

disclosure@vulncheck.com: CVE-2026-24437
value: MEDIUM

Trust: 1.0

NVD: CVE-2026-24437
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2026-24437
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2026-24437
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-002123 // NVD: CVE-2026-24437 // NVD: CVE-2026-24437

PROBLEMTYPE DATA

problemtype:CWE-525

Trust: 1.0

problemtype:contains important information Web Use of browser cache (CWE-525) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-002123 // NVD: CVE-2026-24437

PATCH

title:Page Not Found | VulnCheckurl:https://www.vulncheck.com/advisories/tenda-w30e-v2-missing-cache-controls-for-credential-bearing-pages

Trust: 0.8

sources: JVNDB: JVNDB-2026-002123

EXTERNAL IDS

db:NVDid:CVE-2026-24437

Trust: 2.6

db:JVNDBid:JVNDB-2026-002123

Trust: 0.8

sources: JVNDB: JVNDB-2026-002123 // NVD: CVE-2026-24437

REFERENCES

url:https://www.tendacn.com/product/w30e

Trust: 1.8

url:https://www.vulncheck.com/advisories/tenda-w30e-v2-missing-cache-controls-for-credential-bearing-pages

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-24437

Trust: 0.8

sources: JVNDB: JVNDB-2026-002123 // NVD: CVE-2026-24437

SOURCES

db:JVNDBid:JVNDB-2026-002123
db:NVDid:CVE-2026-24437

LAST UPDATE DATE

2026-01-31T23:40:57.349000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-002123date:2026-01-30T05:12:00
db:NVDid:CVE-2026-24437date:2026-01-28T19:49:11.033

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-002123date:2026-01-30T00:00:00
db:NVDid:CVE-2026-24437date:2026-01-26T18:16:41.317