← Volver a CVEs
CVE-2026-24436
CRITICAL9.8
Descripcion
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado1/26/2026
Ultima modificacion1/28/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
tenda:w30etenda:w30e_firmware
Debilidades (CWE)
CWE-307
Referencias
https://www.tendacn.com/product/W30E(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/tenda-w30e-v2-lacks-rate-limiting-on-authentication(disclosure@vulncheck.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.