Sign-up

ID

VAR-202601-4196


CVE

CVE-2026-24429


TITLE

Shenzhen Tenda Technology Co.,Ltd. of w30e  Firmware vulnerability regarding the use of default passwords

Trust: 0.8

sources: JVNDB: JVNDB-2026-002324

DESCRIPTION

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) ship with a predefined default password for a built-in authentication account that is not required to be changed during initial configuration. An attacker can leverage these default credentials to gain authenticated access to the management interface. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-24429 // JVNDB: JVNDB-2026-002324

AFFECTED PRODUCTS

vendor:tendamodel:w30escope:lteversion:16.01.0.19\(5037\)

Trust: 1.0

vendor:tendamodel:w30escope:lteversion:w30e firmware 16.01.0.19¥(5037¥) and earlier

Trust: 0.8

vendor:tendamodel:w30escope:eqversion: -

Trust: 0.8

vendor:tendamodel:w30escope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-002324 // NVD: CVE-2026-24429

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2026-24429
value: CRITICAL

Trust: 1.0

disclosure@vulncheck.com: CVE-2026-24429
value: CRITICAL

Trust: 1.0

NVD: CVE-2026-24429
value: CRITICAL

Trust: 0.8

nvd@nist.gov: CVE-2026-24429
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2026-24429
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-002324 // NVD: CVE-2026-24429 // NVD: CVE-2026-24429

PROBLEMTYPE DATA

problemtype:CWE-1393

Trust: 1.0

problemtype:Using default password (CWE-1393) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-002324 // NVD: CVE-2026-24429

PATCH

title:Tenda W30E V2 Hardcoded Default Password for Built-in Account  | Advisories | VulnCheckurl:https://www.vulncheck.com/advisories/tenda-w30e-v2-hardcoded-default-password-for-built-in-account

Trust: 0.8

sources: JVNDB: JVNDB-2026-002324

EXTERNAL IDS

db:NVDid:CVE-2026-24429

Trust: 2.6

db:JVNDBid:JVNDB-2026-002324

Trust: 0.8

sources: JVNDB: JVNDB-2026-002324 // NVD: CVE-2026-24429

REFERENCES

url:https://www.tendacn.com/product/w30e

Trust: 1.8

url:https://www.vulncheck.com/advisories/tenda-w30e-v2-hardcoded-default-password-for-built-in-account

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-24429

Trust: 0.8

sources: JVNDB: JVNDB-2026-002324 // NVD: CVE-2026-24429

SOURCES

db:JVNDBid:JVNDB-2026-002324
db:NVDid:CVE-2026-24429

LAST UPDATE DATE

2026-02-04T23:15:47.147000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-002324date:2026-02-02T10:32:00
db:NVDid:CVE-2026-24429date:2026-01-29T13:01:22.300

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-002324date:2026-02-02T00:00:00
db:NVDid:CVE-2026-24429date:2026-01-26T18:16:40.267