📦 W30e Firmware
by Tenda
🔍 What is W30e Firmware?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
This vulnerability allows attackers to perform unlimited brute-force attacks against administrative credentials on Tenda W30E V2 routers. Attackers can guess passwords without restriction due to missi...
This vulnerability allows attackers to use hardcoded default credentials to gain administrative access to Tenda W30E V2 routers. Anyone using affected firmware versions without changing default passwo...
This vulnerability in Tenda W30E routers allows attackers to cause a Denial of Service (DoS) by sending specially crafted requests that trigger a stack overflow in the UploadCfg function. The attack e...
This vulnerability allows remote attackers to execute arbitrary code on Tenda W30E routers via a stack overflow in the fromVirtualSer function. Attackers can exploit this by sending specially crafted ...
CVE-2023-49402 is a critical stack overflow vulnerability in Tenda W30E routers that allows remote attackers to execute arbitrary code or cause denial of service by sending specially crafted requests ...
This vulnerability allows remote attackers to execute arbitrary code on Tenda W30E routers via a stack overflow in the set_wan_status function. Attackers can gain full control of affected devices, pot...
This CVE describes a stack overflow vulnerability in Tenda W30E routers via the formResetMeshNode function. Attackers can exploit this to execute arbitrary code or cause denial of service. Users of Te...
This CVE describes a stack overflow vulnerability in Tenda W30E routers that allows remote attackers to execute arbitrary code or cause denial of service. Attackers can exploit this by sending special...
This vulnerability allows remote attackers to execute arbitrary code on Tenda W30E routers via a buffer overflow in the fromRouteStatic function. Attackers can exploit this by sending specially crafte...
This vulnerability allows unauthorized password changes on Tenda W30E V2 routers without verifying the current password. Attackers who gain access to the maintenance interface can change administrativ...
This vulnerability allows authenticated low-privileged users to change the administrator password on Tenda W30E V2 routers by exploiting an authorization flaw in the user management API. Attackers can...
This vulnerability exposes administrative credentials in plaintext within HTTP responses from the Tenda W30E V2 router's maintenance interface. Attackers on the same network can intercept these creden...
This vulnerability in Tenda W30E routers allows attackers to cause a Denial of Service (DoS) by sending specially crafted requests that trigger a stack overflow in the wireless configuration function....
This vulnerability allows remote attackers to execute arbitrary code on Tenda W30E routers by exploiting a stack overflow in the fromNatlimit function. Attackers can send specially crafted requests to...
This CVE describes a stack overflow vulnerability in Tenda W30E routers via the page parameter in the fromDhcpListClient function. Attackers can exploit this to execute arbitrary code or crash the dev...
This is a critical stack-based buffer overflow vulnerability in Tenda W30E routers that allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the fromRouteStatic fu...
This critical vulnerability in Tenda W30E routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the formSetCfm function. Attackers can exploit this without aut...
This CVE describes an insecure CORS policy in Tenda W30E V2 routers that allows attacker-controlled websites to make authenticated cross-origin requests to the router's administrative interface. Attac...
This vulnerability allows browsers to cache sensitive administrative pages from Tenda W30E V2 routers, potentially storing credentials locally. Attackers with physical or remote access to the browser ...
Tenda W30E V2 routers with vulnerable firmware lack the X-Content-Type-Options: nosniff header on web management interfaces. This allows attackers to trick browsers into executing malicious scripts vi...
The Tenda W30E V2 router firmware exposes stored user account passwords in plaintext within the administrative web interface. Any authenticated user with access to the management pages can directly vi...
This CSRF vulnerability in Tenda W30E V2 routers allows attackers to trick authenticated administrators into unknowingly executing malicious requests. Attackers can change administrative passwords and...
This stored cross-site scripting vulnerability in Tenda W30E V2 routers allows attackers to inject malicious scripts into user creation fields. When administrative users view affected management pages...