Vulnerability in Shenzhen Tenda Technology Co., Ltd. W30e V2
CVE-2026-24440
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized passw…
EPSS: 0.003 (18.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Shenzhen Tenda Technology Co., Ltd. W30e V2 — versions 0
- Tenda W30e — versions 2.0
- Tenda W30e_firmware
Weakness classification (CWE)
References
- disclosure@vulncheck.com (Product, product)
- disclosure@vulncheck.com (Third Party Advisory, third-party-advisory)
Frequently asked questions
- What is CVE-2026-24440?
- CVE-2026-24440 is a high-severity vulnerability in Shenzhen Tenda Technology Co., Ltd. W30e V2, classified under CWE-620. CVSS score: 8.8/10. Published 2026-01-26.
- How severe is CVE-2026-24440?
- High severity. CVSS v3 base score is 8.8 out of 10.