Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/27 9:23 p.m.5 views

CVE-2026-24437

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized access...

5.5CVSS5.9AI score0.00154EPSS
Exploits0References1
CVE
CVE
added 2026/01/26 5:46 p.m.14 views

CVE-2026-24432

Shenzhen Tenda W30E V2 firmware up to 16.01.0.19(5037) lacks CSRF protections on administrative endpoints, including password changes. An attacker could craft requests that, when triggered by an authenticated user’s browser, modify admin passwords and other settings. Root cause: missing CSRF prot...

5.1CVSS5.9AI score0.00108EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/26 5:40 p.m.4 views

CVE-2026-24436 Tenda W30E V2 Lacks Rate Limiting on Authentication

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials...

9.2CVSS5.9AI score0.00418EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.4 views

PT-2026-4803

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced responses as executable...

2.1CVSS5.9AI score0.00169EPSS
Exploits0References3
Rows per page
Query Builder