Tenda W30e_firmware
63 CVEs affecting Tenda W30e_firmware. Latest disclosed: 2026-04-21. Critical: 18, High: 35.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-38835 | Critical | 9.8 | 2026-04-21 | Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter… |
CVE-2026-24436 | Critical | 9.8 | 2026-01-26 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) do not enforce rate limiting or account lockout mechanisms on authentication end… |
CVE-2026-24429 | Critical | 9.8 | 2026-01-26 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) ship with a predefined default password for a built-in authentication account th… |
CVE-2025-57085 | Critical | 9.8 | 2025-09-09 | Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability allows attackers to… |
CVE-2024-32286 | Critical | 9.8 | 2024-04-17 | Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function. |
CVE-2023-49411 | Critical | 9.8 | 2023-12-07 | Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode. |
CVE-2023-49406 | Critical | 9.8 | 2023-12-07 | Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet. |
CVE-2023-49405 | Critical | 9.8 | 2023-12-07 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg. |
CVE-2023-49404 | Critical | 9.8 | 2023-12-07 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet. |
CVE-2023-50002 | Critical | 9.8 | 2023-12-07 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode. |
CVE-2023-50001 | Critical | 9.8 | 2023-12-07 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline. |
CVE-2023-50000 | Critical | 9.8 | 2023-12-07 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode. |
CVE-2023-49999 | Critical | 9.8 | 2023-12-07 | Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition. |
CVE-2023-49410 | Critical | 9.8 | 2023-12-07 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function via the function set_wan_status. |
CVE-2023-49403 | Critical | 9.8 | 2023-12-07 | Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools. |
CVE-2023-49402 | Critical | 9.8 | 2023-12-07 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg. |
CVE-2023-25231 | Critical | 9.8 | 2023-02-27 | Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface. |
CVE-2022-45506 | Critical | 9.8 | 2022-12-08 | Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName. |
CVE-2026-24440 | High | 8.8 | 2026-01-26 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without… |
CVE-2026-24428 | High | 8.8 | 2026-01-26 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorization flaw in the user management API that allows a low-privi… |