← Volver a CVEs
CVE-2026-24429
CRITICAL9.8
Descripcion
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) ship with a predefined default password for a built-in authentication account that is not required to be changed during initial configuration. An attacker can leverage these default credentials to gain authenticated access to the management interface.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado1/26/2026
Ultima modificacion1/29/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
tenda:w30etenda:w30e_firmware
Debilidades (CWE)
CWE-1393
Referencias
https://www.tendacn.com/product/W30E(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/tenda-w30e-v2-hardcoded-default-password-for-built-in-account(disclosure@vulncheck.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.