Details of VAR-202604-3011

ID

VAR-202604-3011

CVE

CVE-2026-38834

TITLE

Shenzhen Tenda Technology Co.,Ltd. of w30e Command injection vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-013573

DESCRIPTION

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_action function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Also, some of the information handled by the software may be rewritten. Furthermore, some of the software may stop functioning. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-38834 // JVNDB: JVNDB-2026-013573

AFFECTED PRODUCTS

vendor:	tenda	model:	w30e	scope:	eq	version:	16.01.0.21	Trust: 1.0
vendor:	tenda	model:	w30e	scope:	eq	version:	w30e firmware 16.01.0.21	Trust: 0.8
vendor:	tenda	model:	w30e	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	w30e	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-013573 // NVD: CVE-2026-38834

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2026-38834
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2026-013573
value:	HIGH
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2026-38834
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	3.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-013573
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-013573 // NVD: CVE-2026-38834

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	Command injection (CWE-77) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-013573 // NVD: CVE-2026-38834

PATCH

title:

repo/rep_1.md at main jsjbcyber/repo GitHub

url:

https://github.com/jsjbcyber/repo/blob/main/rep_1.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-013573

EXTERNAL IDS

db:	NVD	id:	CVE-2026-38834	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-013573	Trust: 0.8

sources: JVNDB: JVNDB-2026-013573 // NVD: CVE-2026-38834

REFERENCES

url:	https://github.com/jsjbcyber/repo/blob/main/rep_1.md	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-38834	Trust: 0.8

sources: JVNDB: JVNDB-2026-013573 // NVD: CVE-2026-38834

SOURCES

db:	JVNDB	id:	JVNDB-2026-013573
db:	NVD	id:	CVE-2026-38834

LAST UPDATE DATE

2026-06-19T22:57:30.307000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-013573	date:	2026-04-30T03:29:00
db:	NVD	id:	CVE-2026-38834	date:	2026-04-27T16:44:38.997

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-013573	date:	2026-04-30T00:00:00
db:	NVD	id:	CVE-2026-38834	date:	2026-04-21T17:16:53.257