Details of VAR-202601-4141

ID

VAR-202601-4141

CVE

CVE-2026-24431

TITLE

Shenzhen Tenda Technology Co.,Ltd. of w30e in the firmware GUI Vulnerability in storing sensitive information in plaintext

Trust: 0.8

sources: JVNDB: JVNDB-2026-002127

DESCRIPTION

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials. In addition, information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-24431 // JVNDB: JVNDB-2026-002127

AFFECTED PRODUCTS

vendor:	tenda	model:	w30e	scope:	lte	version:	16.01.0.19\(5037\)	Trust: 1.0
vendor:	tenda	model:	w30e	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	w30e	scope:	lte	version:	w30e firmware 16.01.0.19¥(5037¥) and earlier	Trust: 0.8

sources: JVNDB: JVNDB-2026-002127 // NVD: CVE-2026-24431

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2026-24431
value:	MEDIUM
Trust: 1.0
disclosure@vulncheck.com:	CVE-2026-24431
value:	HIGH
Trust: 1.0
NVD:	CVE-2026-24431
value:	MEDIUM
Trust: 0.8

nvd@nist.gov:	CVE-2026-24431
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2026-24431
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-002127 // NVD: CVE-2026-24431 // NVD: CVE-2026-24431

PROBLEMTYPE DATA

problemtype:	CWE-317	Trust: 1.0
problemtype:	GUI Storing sensitive information in plain text (CWE-317) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-002127 // NVD: CVE-2026-24431

EXTERNAL IDS

db:	NVD	id:	CVE-2026-24431	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-002127	Trust: 0.8

sources: JVNDB: JVNDB-2026-002127 // NVD: CVE-2026-24431

REFERENCES

url:	https://www.tendacn.com/product/w30e	Trust: 1.8
url:	https://www.vulncheck.com/advisories/tenda-w30e-v2-missing-csrf-protections-for-administrative-actions	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-24431	Trust: 0.8

sources: JVNDB: JVNDB-2026-002127 // NVD: CVE-2026-24431

SOURCES

db:	JVNDB	id:	JVNDB-2026-002127
db:	NVD	id:	CVE-2026-24431

LAST UPDATE DATE

2026-01-31T23:42:21.836000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-002127	date:	2026-01-30T05:12:00
db:	NVD	id:	CVE-2026-24431	date:	2026-01-28T20:14:45.130

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-002127	date:	2026-01-30T00:00:00
db:	NVD	id:	CVE-2026-24431	date:	2026-01-26T18:16:40.567