CVE-2026-24430

Tenda W30E V2 HTTP Responses Expose Plaintext Credentials

CVSS 8.2 HIGHEPSS 0.2%CWE-201

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) disclose sensitive account credentials in cleartext within HTTP responses generated by the maintenance interface. Because the management interface is accessible over unencrypted HTTP by default, credentials may be exposed to network-based interception.

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Shenzhen Tenda Technology Co., Ltd. · W30E V2

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.tendacn.com/product/W30E https://www.vulncheck.com/advisories/tenda-w30e-v2-http-responses-expose-plaintext-credentials