CVE-2026-24440
BaseFortify
Publication date: 2026-01-26
Last updated on: 2026-01-28
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | w30e_firmware | to 16.01.0.19\(5037\) (inc) |
| tenda | w30e | 2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-620 | When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability in the Tenda W30E V2 router firmware allows an attacker to change account passwords through the maintenance interface without verifying the current password. This means if an attacker gains access to the affected endpoint, they can change passwords without authorization. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized password changes, potentially allowing attackers to take control of the device. This can compromise the confidentiality, integrity, and availability of the device and the network it is connected to, leading to severe security risks. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately restrict access to the maintenance interface of the Tenda W30E V2 router to trusted users only. Ensure that firmware is updated beyond version V16.01.0.19(5037) if a patch is available. Additionally, monitor and control network access to prevent unauthorized access to the affected endpoint. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to change the account password through the maintenance interface of the Tenda W30E V2 router without providing the current password. Since the vulnerability allows password changes without verification, a test can be performed by accessing the router's maintenance interface and trying to change the password directly. Network scanning tools can also be used to identify devices running the affected firmware version (up to V16.01.0.19(5037)). Specific commands are not provided in the available resources. [1]