CVE-2026-24431
Unknown
Unknown - Not Provided
BaseFortify
Vulnerability report for CVE-2026-24431, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-01-26
Last updated on: 2026-01-28
Assigner: VulnCheck
Description
Description
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | w30e_firmware | to 16.01.0.19\(5037\) (inc) |
| tenda | w30e | 2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-317 | The product stores sensitive information in cleartext within the GUI. |