CVE-2026-30140
Received Received - Intake
Unauthorized Access in Tenda W15E Allows Admin Credential Disclosure

Publication date: 2026-03-09

Last updated on: 2026-03-13

Assigner: MITRE

Description
An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and potential remote administrative access.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-09
Last Modified
2026-03-13
Generated
2026-05-06
AI Q&A
2026-03-09
EPSS Evaluated
2026-05-05
NVD
CVE-2026-30140
EUVD
EUVD-2026-10346
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tenda w15e_firmware 02.03.01.26_cn
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

[{'type': 'paragraph', 'content': 'CVE-2026-30140 is an information disclosure vulnerability affecting Tenda W15E routers running firmware version V02.03.01.26_cn.'}, {'type': 'paragraph', 'content': "An unauthenticated attacker can access a specific URL endpoint, /cgi-bin/DownloadCfg/RouterCfm.jpg, which despite its .jpg extension, returns the router's configuration file."}, {'type': 'paragraph', 'content': 'This configuration file contains sensitive information such as plaintext administrator credentials, Wi-Fi passwords, and PPPoE passwords.'}, {'type': 'paragraph', 'content': "The attacker can download this file by sending a simple HTTP GET request to the vulnerable endpoint on the router's IP address."}, {'type': 'paragraph', 'content': 'After downloading, the attacker can decode the file to extract these sensitive credentials.'}] [1]


How can this vulnerability impact me? :

This vulnerability can have severe impacts as it allows an attacker to obtain administrative and Wi-Fi passwords from the affected router.

With these credentials, an attacker can gain remote administrative access to the router, potentially leading to full system compromise.

Such access can enable the attacker to manipulate network settings, intercept or redirect traffic, and compromise connected devices.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by sending an HTTP GET request to the specific vulnerable endpoint on the target router.'}, {'type': 'paragraph', 'content': 'For example, you can use the following curl command to check if the router is vulnerable by attempting to download the configuration file:'}, {'type': 'list_item', 'content': 'curl -v http://<Target_IP>/cgi-bin/DownloadCfg/RouterCfm.jpg'}, {'type': 'paragraph', 'content': "Replace <Target_IP> with the router's IP address, typically accessed on port 80 or 8899. If the request returns a configuration file (instead of a typical image), the device is vulnerable."}, {'type': 'paragraph', 'content': 'After downloading, you may Base64 decode the file to extract sensitive credentials such as the administrator password.'}] [1]


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart