CVE-2026-24429
BaseFortify
Publication date: 2026-01-26
Last updated on: 2026-01-29
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | w30e_firmware | to 16.01.0.19\(5037\) (inc) |
| tenda | w30e | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1393 | The product uses default passwords for potentially critical functionality. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Shenzhen Tenda W30E V2 router firmware versions up to and including V16.01.0.19(5037). It involves a hardcoded default password for a built-in authentication account that is not required to be changed during the initial device setup. An attacker can exploit this by using the default credentials to gain authenticated access to the router's management interface remotely without needing any privileges or user interaction. [1]
How can this vulnerability impact me? :
The vulnerability allows remote attackers to gain authenticated access to the router's management interface using default credentials. This can lead to unauthorized control over the device, potentially compromising network security, intercepting or altering network traffic, and enabling further attacks on connected systems. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by attempting to access the management interface of the Shenzhen Tenda W30E V2 router using the known default credentials embedded in the firmware. Since the vulnerability involves a hardcoded default password that is not changed during initial configuration, testing login attempts with these default credentials can reveal if the device is vulnerable. Specific commands are not provided in the resources, but generally, you can use tools like curl or a web browser to attempt authentication to the router's management interface IP address using the default username and password. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to change the default password of the built-in authentication account on the Shenzhen Tenda W30E V2 router to a strong, unique password. Since the vulnerability arises from the default password not being required to be changed during initial configuration, enforcing a password change and disabling or removing the built-in account if possible will reduce the risk of unauthorized access. [1]