ID

VAR-202601-4188


CVE

CVE-2026-24433


TITLE

Cross-site scripting vulnerability in Shenzhen Tenda Technology Co., Ltd. W30E firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-002125

DESCRIPTION

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain a stored cross-site scripting vulnerability in the user creation functionality. Insufficient input validation allows attacker-controlled script content to be stored and later executed when administrative users access the affected management pages. In addition, some of the information handled by the software may be rewritten. The software itself will not stop. Attacks exploiting this vulnerability may also affect other software.

Trust: 1.62

sources: NVD: CVE-2026-24433 // JVNDB: JVNDB-2026-002125

AFFECTED PRODUCTS

vendor: tenda, model: w30e, scope: lte, version: 16.01.0.19(5037)

Trust: 1.0

vendor: tenda, model: w30e, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: w30e, scope: lte, version: w30e firmware 16.01.0.19(5037) and earlier

Trust: 0.8

vendor: tenda, model: w30e, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-002125 // NVD: CVE-2026-24433

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2026-24433
value: MEDIUM

Trust: 1.0

disclosure@vulncheck.com: CVE-2026-24433
value: MEDIUM

Trust: 1.0

NVD: CVE-2026-24433
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2026-24433
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2026-24433
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-002125 // NVD: CVE-2026-24433 // NVD: CVE-2026-24433

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2026-002125 // NVD: CVE-2026-24433

PATCH

title: Page Not Found | VulnCheck
url: https://www.vulncheck.com/advisories/tenda-w30e-v2-stored-xss-via-user-name-field

Trust: 0.8

sources: JVNDB: JVNDB-2026-002125

EXTERNAL IDS

db: NVD, id: CVE-2026-24433

Trust: 2.6

db: JVNDB, id: JVNDB-2026-002125

Trust: 0.8

sources: JVNDB: JVNDB-2026-002125 // NVD: CVE-2026-24433

REFERENCES

url: https://www.tendacn.com/product/w30e

Trust: 1.8

url: https://www.vulncheck.com/advisories/tenda-w30e-v2-stored-xss-via-user-name-field

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2026-24433

Trust: 0.8

sources: JVNDB: JVNDB-2026-002125 // NVD: CVE-2026-24433

SOURCES

db: JVNDB, id: JVNDB-2026-002125
db: NVD, id: CVE-2026-24433

LAST UPDATE DATE

2026-02-01T19:40:27.152000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2026-002125, date: 2026-01-30T05:12:00
db: NVD, id: CVE-2026-24433, date: 2026-01-28T20:10:23.400

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2026-002125, date: 2026-01-30T00:00:00
db: NVD, id: CVE-2026-24433, date: 2026-01-26T18:16:40.873