threat
engine
.sh
Back
·
··:··
Home
/
Product
/
tenda w30e firmware
Product
tenda w30e firmware
63 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-38835
all versions
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via t
9.8
CRITICAL
CVE-2026-38834
all versions
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_action function via the hostName
7.3
HIGH
CVE-2026-24440
<= 16.01.0.19\(5037\)
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the m
8.8
HIGH
CVE-2026-24439
<= 16.01.0.19\(5037\)
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include the X-Content-Type-Options: nosniff
6.5
MEDIUM
CVE-2026-24437
<= 16.01.0.19\(5037\)
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) serve sensitive administrative content without appr
5.5
MEDIUM
CVE-2026-24436
<= 16.01.0.19\(5037\)
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) do not enforce rate limiting or account lockout mec
9.8
CRITICAL
CVE-2026-24435
<= 16.01.0.19\(5037\)
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) implement an insecure Cross-Origin Resource Sharing
6.5
MEDIUM
CVE-2026-24433
<= 16.01.0.19\(5037\)
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain a stored cross-site scripting vulnerability
5.4
MEDIUM
CVE-2026-24432
<= 16.01.0.19\(5037\)
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) lack cross-site request forgery (CSRF) protections
4.3
MEDIUM
CVE-2026-24431
<= 16.01.0.19\(5037\)
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) display stored user account passwords in plaintext
6.5
MEDIUM
CVE-2026-24430
<= 16.01.0.19\(5037\)
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) disclose sensitive account credentials in cleartext
7.5
HIGH
CVE-2026-24429
<= 16.01.0.19\(5037\)
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) ship with a predefined default password for a built
9.8
CRITICAL
CVE-2026-24428
<= 16.01.0.19\(5037\)
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorization flaw in the user managemen
8.8
HIGH
CVE-2025-57086
<= 16.01.0.19\(5037\)
Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the String parameter in the formDeleteMeshNode functio
7.5
HIGH
CVE-2025-57085
<= 16.01.0.19\(5037\)
Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vuln
9.8
CRITICAL
CVE-2025-57087
<= 16.01.0.19\(5037\)
Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet fu
7.5
HIGH
CVE-2024-52789
all versions
Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers
8.0
HIGH
CVE-2024-4171
all versions
A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Affected is the function fromWizardHandle of the
8.8
HIGH
CVE-2024-32293
all versions
Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient functi
8.0
HIGH
CVE-2024-32292
all versions
Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinpu
8.8
HIGH
CVE-2024-32291
all versions
Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in the fromNatlimit function.
7.5
HIGH
CVE-2024-32290
all versions
Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function.
6.7
MEDIUM
CVE-2024-32288
all versions
Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypema
6.3
MEDIUM
CVE-2024-32287
all versions
Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function.
6.5
MEDIUM
CVE-2024-32286
all versions
Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer fu
9.8
CRITICAL
CVE-2024-32285
all versions
Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password parameter in the formaddUserName funct
8.0
HIGH
CVE-2024-3882
all versions
A vulnerability was found in Tenda W30E 1.0.1.25(633). It has been classified as critical. Affected is the function fromRouteStati
8.8
HIGH
CVE-2024-3881
all versions
A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified as critical. This issue affects the function frmL7PlotForm of
8.8
HIGH
CVE-2024-3880
all versions
A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. This vulnerability affects the function for
6.3
MEDIUM
CVE-2024-3879
all versions
A vulnerability, which was classified as critical, was found in Tenda W30E 1.0.1.25(633). This affects the function formSetCfm of
8.8
HIGH
CVE-2023-49411
all versions
Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode.
9.8
CRITICAL
CVE-2023-49406
all versions
Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet.
9.8
CRITICAL
CVE-2023-49405
all versions
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg.
9.8
CRITICAL
CVE-2023-49404
all versions
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet.
9.8
CRITICAL
CVE-2023-50002
all versions
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode.
9.8
CRITICAL
CVE-2023-50001
all versions
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline.
9.8
CRITICAL
CVE-2023-50000
all versions
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode.
9.8
CRITICAL
CVE-2023-49999
all versions
Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition.
9.8
CRITICAL
CVE-2023-49410
all versions
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function via the function set_wan_status.
9.8
CRITICAL
CVE-2023-49403
all versions
Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools.
9.8
CRITICAL
CVE-2023-49402
all versions
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg.
9.8
CRITICAL
CVE-2023-25231
all versions
Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterfa
9.8
CRITICAL
CVE-2022-45525
all versions
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the downaction parameter at /goform/CertListInfo.
7.5
HIGH
CVE-2022-45524
all versions
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the opttype parameter at /goform/IPSECsave.
7.5
HIGH
CVE-2022-45523
all versions
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im.
7.5
HIGH
CVE-2022-45522
all versions
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeClientFilter.
7.5
HIGH
CVE-2022-45521
all versions
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeUrlFilter.
7.5
HIGH
CVE-2022-45520
all versions
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/qossetting.
7.5
HIGH
CVE-2022-45519
all versions
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the Go parameter at /goform/SafeMacFilter.
7.5
HIGH
CVE-2022-45518
all versions
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SetIpBind.
7.5
HIGH
CVE-2022-45517
all versions
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer.
7.5
HIGH
CVE-2022-45516
all versions
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/NatStaticSetting.
7.5
HIGH
CVE-2022-45515
all versions
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the entries parameter at /goform/addressNat.
7.5
HIGH
CVE-2022-45514
all versions
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/webExcptypemanFilter.
7.5
HIGH
CVE-2022-45513
all versions
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/P2pListFilter.
7.5
HIGH
CVE-2022-45512
all versions
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeEmailFilter.
7.5
HIGH
CVE-2022-45511
all versions
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the PPPOEPassword parameter at /goform/QuickIndex.
7.5
HIGH
CVE-2022-45510
all versions
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the mit_ssid_index parameter at /goform/AdvSetWrlsafeset.
7.5
HIGH
CVE-2022-45509
all versions
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /goform/addUserName.
7.5
HIGH
CVE-2022-45508
all versions
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter at /goform/editUserName.
7.5
HIGH
CVE-2022-45507
all versions
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName.
7.5
HIGH
CVE-2022-45506
all versions
Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/del
9.8
CRITICAL
CVE-2022-45505
all versions
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /goform/exeCommand.
7.5
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin