Cross-Site Request Forgery Vulnerability in Tenda W30E V2 Firmware
CVE-2026-24432

5.1MEDIUM

Key Information:

Vendor

Shenzhen Tenda Technology Co., Ltd.

Status
W30e V2
Vendor
CVE Published:
26 January 2026

What is CVE-2026-24432?

The Tenda W30E V2 firmware, up to version V16.01.0.19(5037), does not implement adequate protections against cross-site request forgery on critical administrative endpoints. This lack of defense allows potential attackers to send malicious requests that can be executed by authenticated users. These requests may alter administrative account settings and change configurations without proper authorization, posing significant risks to user data and network security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

W30E V2 0 <= 16.01.0.19(5037)

References

https://www.tendacn.com/product/W30E
product
https://www.vulncheck.com/advisories/tenda-w30e-v2-missin...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.
JSON
.