CVE-2026-30140
Received Received - Intake
Unauthorized Access in Tenda W15E Allows Admin Credential Disclosure

Publication date: 2026-03-09

Last updated on: 2026-03-13

Assigner: MITRE

Description
An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and potential remote administrative access.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-09
Last Modified
2026-03-13
Generated
2026-06-16
AI Q&A
2026-03-09
EPSS Evaluated
2026-06-14
NVD
CVE-2026-30140
EUVD
EUVD-2026-10346
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tenda w15e_firmware 02.03.01.26_cn
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-30140 is an information disclosure vulnerability affecting Tenda W15E routers running firmware version V02.03.01.26_cn.'}, {'type': 'paragraph', 'content': "An unauthenticated attacker can access a specific URL endpoint, /cgi-bin/DownloadCfg/RouterCfm.jpg, which despite its .jpg extension, returns the router's configuration file."}, {'type': 'paragraph', 'content': 'This configuration file contains sensitive information such as plaintext administrator credentials, Wi-Fi passwords, and PPPoE passwords.'}, {'type': 'paragraph', 'content': "The attacker can download this file by sending a simple HTTP GET request to the vulnerable endpoint on the router's IP address."}, {'type': 'paragraph', 'content': 'After downloading, the attacker can decode the file to extract these sensitive credentials.'}] [1]

Impact Analysis

This vulnerability can have severe impacts as it allows an attacker to obtain administrative and Wi-Fi passwords from the affected router.

With these credentials, an attacker can gain remote administrative access to the router, potentially leading to full system compromise.

Such access can enable the attacker to manipulate network settings, intercept or redirect traffic, and compromise connected devices.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by sending an HTTP GET request to the specific vulnerable endpoint on the target router.'}, {'type': 'paragraph', 'content': 'For example, you can use the following curl command to check if the router is vulnerable by attempting to download the configuration file:'}, {'type': 'list_item', 'content': 'curl -v http://<Target_IP>/cgi-bin/DownloadCfg/RouterCfm.jpg'}, {'type': 'paragraph', 'content': "Replace <Target_IP> with the router's IP address, typically accessed on port 80 or 8899. If the request returns a configuration file (instead of a typical image), the device is vulnerable."}, {'type': 'paragraph', 'content': 'After downloading, you may Base64 decode the file to extract sensitive credentials such as the administrator password.'}] [1]

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-30140. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart