CVE-2026-24435
The CVE concerns Shenzhen Tenda W30E V2 firmware versions up to and including 16.01.0.19(5037), which implement a permissive CORS policy on authenticated admin endpoints by setting Access-Control-Allow-Origin: * together with Access-Control-Allow-Credentials: true. This enables attacker-controlle...