Every CVE whose affected-product data names Tenda W30e Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (63)
CVE-2023-49410 — CVSS 9.8 (critical): Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function via the function set_wan_status.
CVE-2023-49999 — CVSS 9.8 (critical): Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition.
CVE-2023-50000 — CVSS 9.8 (critical): Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode.
CVE-2023-50001 — CVSS 9.8 (critical): Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline.
CVE-2023-50002 — CVSS 9.8 (critical): Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode.
CVE-2022-45506 — CVSS 9.8 (critical): Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName.
CVE-2026-24429 — CVSS 9.8 (critical): Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) ship with a predefined default password for a built-in…
CVE-2025-57085 — CVSS 9.8 (critical): Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability…
CVE-2023-25231 — CVSS 9.8 (critical): Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface.
CVE-2023-49403 — CVSS 9.8 (critical): Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools.
CVE-2023-49404 — CVSS 9.8 (critical): Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet.
CVE-2023-49406 — CVSS 9.8 (critical): Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet.
CVE-2024-32286 — CVSS 9.8 (critical): Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function.
CVE-2026-38835 — CVSS 9.8 (critical): Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the…
CVE-2026-24436 — CVSS 9.8 (critical): Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) do not enforce rate limiting or account lockout mechanisms…
CVE-2024-3882 — CVSS 8.8 (high): A vulnerability was found in Tenda W30E 1.0.1.25(633). It has been classified as critical. Affected is the function fromRouteStatic of the…
CVE-2024-3879 — CVSS 8.8 (high): A vulnerability, which was classified as critical, was found in Tenda W30E 1.0.1.25(633). This affects the function formSetCfm of the file…
CVE-2026-24428 — CVSS 8.8 (high): Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorization flaw in the user management API…
CVE-2026-24440 — CVSS 8.8 (high): Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the…
CVE-2024-4171 — CVSS 8.8 (high): A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Affected is the function fromWizardHandle of the file…
CVE-2024-3881 — CVSS 8.8 (high): A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified as critical. This issue affects the function frmL7PlotForm of the file…
CVE-2024-32292 — CVSS 8.8 (high): Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput…
CVE-2024-52789 — CVSS 8.0 (high): Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in…
CVE-2024-32285 — CVSS 8.0 (high): Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password parameter in the formaddUserName function.
CVE-2024-32293 — CVSS 8.0 (high): Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function.
CVE-2025-57086 — CVSS 7.5 (high): Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the String parameter in the formDeleteMeshNode function. This…
CVE-2022-45507 — CVSS 7.5 (high): Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName.
CVE-2022-45508 — CVSS 7.5 (high): Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter at /goform/editUserName.
CVE-2022-45509 — CVSS 7.5 (high): Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /goform/addUserName.
CVE-2022-45510 — CVSS 7.5 (high): Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the mit_ssid_index parameter at /goform/AdvSetWrlsafeset.
CVE-2022-45511 — CVSS 7.5 (high): Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the PPPOEPassword parameter at /goform/QuickIndex.
CVE-2022-45512 — CVSS 7.5 (high): Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeEmailFilter.
CVE-2022-45513 — CVSS 7.5 (high): Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/P2pListFilter.
CVE-2022-45514 — CVSS 7.5 (high): Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/webExcptypemanFilter.
CVE-2022-45515 — CVSS 7.5 (high): Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the entries parameter at /goform/addressNat.
CVE-2022-45516 — CVSS 7.5 (high): Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/NatStaticSetting.
CVE-2022-45517 — CVSS 7.5 (high): Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer.
CVE-2022-45518 — CVSS 7.5 (high): Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SetIpBind.
CVE-2022-45519 — CVSS 7.5 (high): Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the Go parameter at /goform/SafeMacFilter.
CVE-2022-45520 — CVSS 7.5 (high): Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/qossetting.
CVE-2022-45521 — CVSS 7.5 (high): Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeUrlFilter.
CVE-2022-45522 — CVSS 7.5 (high): Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeClientFilter.
CVE-2022-45523 — CVSS 7.5 (high): Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im.
CVE-2022-45524 — CVSS 7.5 (high): Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the opttype parameter at /goform/IPSECsave.
CVE-2022-45525 — CVSS 7.5 (high): Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the downaction parameter at /goform/CertListInfo.
CVE-2024-32291 — CVSS 7.5 (high): Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in the fromNatlimit function.
CVE-2022-45505 — CVSS 7.5 (high): Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /goform/exeCommand.
CVE-2025-57087 — CVSS 7.5 (high): Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function…
CVE-2026-24430 — CVSS 7.5 (high): Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) disclose sensitive account credentials in cleartext within…
CVE-2026-38834 — CVSS 7.3 (high): Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_action function via the hostName…
CVE-2024-32290 — CVSS 6.7 (medium): Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function.
CVE-2026-24435 — CVSS 6.5 (medium): Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) implement an insecure Cross-Origin Resource Sharing (CORS)…
CVE-2024-32287 — CVSS 6.5 (medium): Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function.
CVE-2026-24431 — CVSS 6.5 (medium): Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) display stored user account passwords in plaintext within…
CVE-2026-24439 — CVSS 6.5 (medium): Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include the X-Content-Type-Options: nosniff response…
CVE-2024-3880 — CVSS 6.3 (medium): A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. This vulnerability affects the function…
CVE-2024-32288 — CVSS 6.3 (medium): Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypemanFilter…
CVE-2026-24437 — CVSS 5.5 (medium): Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) serve sensitive administrative content without appropriate…
CVE-2026-24433 — CVSS 5.4 (medium): Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain a stored cross-site scripting vulnerability in the…
CVE-2026-24432 — CVSS 4.3 (medium): Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) lack cross-site request forgery (CSRF) protections on…