Vulnerability in N/a

CVE-2026-38834

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_action function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

EPSS: 0.144 (94.5th percentile) — read the EPSS interpretation.

Affected products

  • N/a — versions n/a

References