Sign-up

ID

VAR-202601-4166


CVE

CVE-2026-24439


TITLE

Shenzhen Tenda Technology Co.,Ltd. of w30e  Encoding and escaping vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-002122

DESCRIPTION

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced responses as executable script. Also, some of the information handled by the software may be rewritten. Furthermore, the software will not stop. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-24439 // JVNDB: JVNDB-2026-002122

AFFECTED PRODUCTS

vendor:tendamodel:w30escope:lteversion:16.01.0.19\(5037\)

Trust: 1.0

vendor:tendamodel:w30escope:eqversion: -

Trust: 0.8

vendor:tendamodel:w30escope:lteversion:w30e firmware 16.01.0.19¥(5037¥) and earlier

Trust: 0.8

vendor:tendamodel:w30escope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-002122 // NVD: CVE-2026-24439

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2026-24439
value: MEDIUM

Trust: 1.0

disclosure@vulncheck.com: CVE-2026-24439
value: LOW

Trust: 1.0

NVD: CVE-2026-24439
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2026-24439
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2026-24439
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-002122 // NVD: CVE-2026-24439 // NVD: CVE-2026-24439

PROBLEMTYPE DATA

problemtype:CWE-116

Trust: 1.0

problemtype:Improper encoding or output escaping (CWE-116) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-002122 // NVD: CVE-2026-24439

PATCH

title:Page Not Found | VulnCheckurl:https://www.vulncheck.com/advisories/tenda-w30e-v2-lacks-x-content-type-options-header

Trust: 0.8

sources: JVNDB: JVNDB-2026-002122

EXTERNAL IDS

db:NVDid:CVE-2026-24439

Trust: 2.6

db:JVNDBid:JVNDB-2026-002122

Trust: 0.8

sources: JVNDB: JVNDB-2026-002122 // NVD: CVE-2026-24439

REFERENCES

url:https://www.tendacn.com/product/w30e

Trust: 1.8

url:https://www.vulncheck.com/advisories/tenda-w30e-v2-lacks-x-content-type-options-header

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-24439

Trust: 0.8

sources: JVNDB: JVNDB-2026-002122 // NVD: CVE-2026-24439

SOURCES

db:JVNDBid:JVNDB-2026-002122
db:NVDid:CVE-2026-24439

LAST UPDATE DATE

2026-02-01T23:01:12.347000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-002122date:2026-01-30T05:12:00
db:NVDid:CVE-2026-24439date:2026-01-28T20:01:46.097

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-002122date:2026-01-30T00:00:00
db:NVDid:CVE-2026-24439date:2026-01-26T18:16:41.463