CVE-2026-24440
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-26

Last updated on: 2026-01-28

Assigner: VulnCheck

Description
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized password changes when access to the affected endpoint is obtained.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-26
Last Modified
2026-01-28
Generated
2026-06-16
AI Q&A
2026-01-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24440
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tenda w30e_firmware to 16.01.0.19\(5037\) (inc)
tenda w30e 2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-620 When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability in the Tenda W30E V2 router firmware allows an attacker to change account passwords through the maintenance interface without verifying the current password. This means if an attacker gains access to the affected endpoint, they can change passwords without authorization. [1]

Impact Analysis

The vulnerability can lead to unauthorized password changes, potentially allowing attackers to take control of the device. This can compromise the confidentiality, integrity, and availability of the device and the network it is connected to, leading to severe security risks. [1]

Mitigation Strategies

To mitigate this vulnerability, immediately restrict access to the maintenance interface of the Tenda W30E V2 router to trusted users only. Ensure that firmware is updated beyond version V16.01.0.19(5037) if a patch is available. Additionally, monitor and control network access to prevent unauthorized access to the affected endpoint. [1]

Detection Guidance

This vulnerability can be detected by attempting to change the account password through the maintenance interface of the Tenda W30E V2 router without providing the current password. Since the vulnerability allows password changes without verification, a test can be performed by accessing the router's maintenance interface and trying to change the password directly. Network scanning tools can also be used to identify devices running the affected firmware version (up to V16.01.0.19(5037)). Specific commands are not provided in the available resources. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24440. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart