Tenda W30e_firmware

63 CVEs affecting Tenda W30e_firmware. Latest disclosed: 2026-04-21. Critical: 18, High: 35.

Top CVEs affecting Tenda W30e_firmware
CVESeverityScorePublishedSummary
CVE-2026-38835Critical9.82026-04-21Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter…
CVE-2026-24436Critical9.82026-01-26Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) do not enforce rate limiting or account lockout mechanisms on authentication end…
CVE-2026-24429Critical9.82026-01-26Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) ship with a predefined default password for a built-in authentication account th…
CVE-2025-57085Critical9.82025-09-09Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability allows attackers to…
CVE-2024-32286Critical9.82024-04-17Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function.
CVE-2023-49411Critical9.82023-12-07Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode.
CVE-2023-49406Critical9.82023-12-07Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet.
CVE-2023-49405Critical9.82023-12-07Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg.
CVE-2023-49404Critical9.82023-12-07Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet.
CVE-2023-50002Critical9.82023-12-07Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode.
CVE-2023-50001Critical9.82023-12-07Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline.
CVE-2023-50000Critical9.82023-12-07Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode.
CVE-2023-49999Critical9.82023-12-07Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition.
CVE-2023-49410Critical9.82023-12-07Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function via the function set_wan_status.
CVE-2023-49403Critical9.82023-12-07Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools.
CVE-2023-49402Critical9.82023-12-07Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg.
CVE-2023-25231Critical9.82023-02-27Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface.
CVE-2022-45506Critical9.82022-12-08Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName.
CVE-2026-24440High8.82026-01-26Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without…
CVE-2026-24428High8.82026-01-26Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorization flaw in the user management API that allows a low-privi…