Description
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the backend endpoint, an attacker can bypass role-based restrictions enforced by the web interface and obtain full administrative privileges.
Published: 2026-01-26
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

An incorrect authorization flaw in the user management API of the Shenzhen Tenda W30E V2 router allows a low‑privileged authenticated user to change the administrator account password by sending a crafted request directly to the backend endpoint. The role‑based restriction exists only in the web interface; the backend does not re‑check the caller's role, so skipping the interface and calling the endpoint directly grants full administrative privileges and complete control of the device. The weakness is classified as CWE‑863, Incorrect Authorization. The flaw itself is an authorization bypass rather than code execution, but an administrator can reconfigure the device at will, which is why the confidentiality, integrity and availability impacts are all rated High.
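The pattern described above, as an added example that is not Tenda's firmware code and not taken from this advisory: a minimal model of a user management backend in which the vulnerable handler checks only that the caller is logged in (the "only admins may edit admin" rule lives in the web UI), beside a hardened handler that decides authorization server‑side from the caller's stored role. The handler names, the "admin"/"user" roles, the session model, the requirement that non‑admins present their current password, and the sample accounts are all assumptions for illustration.

```python
# Added example, not Tenda's firmware code: a minimal model of a user
# management API showing the CWE-863 pattern this page describes (role
# checks enforced only in the web UI) beside a server-side fix. Handler
# names, roles, the session model and the sample accounts are assumptions.
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional


@dataclass
class User:
    name: str
    role: str        # "admin" or "user" (assumed role names)
    salt: bytes
    pw_hash: bytes


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(name: str, role: str, password: str) -> User:
    salt = os.urandom(16)
    return User(name, role, salt, _hash(password, salt))


def verify(user: User, password: str) -> bool:
    return hmac.compare_digest(user.pw_hash, _hash(password, user.salt))


@dataclass
class Session:
    username: str


class UserApi:
    """Backend handlers; the web UI is assumed to call these over HTTP."""

    def __init__(self, users):
        self.users = {u.name: u for u in users}

    def login(self, name: str, password: str) -> Optional[Session]:
        u = self.users.get(name)
        return Session(name) if u is not None and verify(u, password) else None

    def _require_session(self, session: Optional[Session]) -> User:
        if session is None or session.username not in self.users:
            raise PermissionError("not authenticated")
        return self.users[session.username]

    def _store(self, target: str, new_password: str) -> None:
        u = self.users[target]
        u.salt = os.urandom(16)
        u.pw_hash = _hash(new_password, u.salt)

    # Vulnerable: authentication is checked, authorization is not. The rule
    # "only admins may edit the admin account" is enforced by the UI alone,
    # so a crafted request straight to this handler lets any logged-in user
    # overwrite the administrator's password.
    def set_password_vulnerable(self, session, target: str, new_password: str) -> bool:
        self._require_session(session)
        self._store(target, new_password)
        return True

    # Hardened: the decision is made here from the caller's stored role.
    # Non-admins may change only their own password and must present the
    # current one (the re-authentication step is an addition beyond what
    # the page describes).
    def set_password_fixed(self, session, target: str, new_password: str,
                           current_password: Optional[str] = None) -> bool:
        caller = self._require_session(session)
        if target not in self.users:
            raise KeyError(target)
        if caller.role != "admin":
            if target != caller.name:
                raise PermissionError("forbidden: not your account")
            if current_password is None or not verify(caller, current_password):
                raise PermissionError("forbidden: current password required")
        self._store(target, new_password)
        return True


def demo() -> dict:
    """Constructed scenario: a low-privileged 'guest' account attacks 'admin'."""
    def fresh() -> UserApi:
        return UserApi([make_user("admin", "admin", "admin-secret"),
                        make_user("guest", "user", "guest-secret")])

    api = fresh()
    guest = api.login("guest", "guest-secret")
    api.set_password_vulnerable(guest, "admin", "pwned")
    takeover = api.login("admin", "pwned") is not None      # True: admin account taken over

    api = fresh()
    guest = api.login("guest", "guest-secret")
    try:
        api.set_password_fixed(guest, "admin", "pwned")
        blocked = False
    except PermissionError:
        blocked = True                                        # True: request refused
    admin_intact = api.login("admin", "admin-secret") is not None
    # A legitimate self-service change by the low-privileged user still works.
    self_change = api.set_password_fixed(guest, "guest", "new-guest", "guest-secret")
    return {"takeover": takeover, "blocked": blocked,
            "admin_intact": admin_intact, "self_change": self_change}


if __name__ == "__main__":
    print(demo())
```

The point of the fixed handler is that the UI's hidden buttons and disabled fields are never the authorization boundary: every backend endpoint that mutates an account must derive the caller's role from server‑side session state and enforce the policy itself.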

Affected Systems

Firmware versions of the Tenda W30E V2 router up to and including V16.01.0.19(5037) are affected. The vulnerability exists in the user management API exposed by the device’s web interface.

Risk and Exploitability

The CVSS v4.0 base score of 8.7 (NVD's CVSS v3.1 score is 8.8) indicates a high severity vulnerability: the vector (AV:N/AC:L/AT:N/PR:L/UI:N) means the attack is network‑reachable, has no special preconditions, needs no user interaction and requires only low privileges. The EPSS score of less than 1% suggests a very low current exploitation probability, the flaw is not listed in the CISA KEV catalog, and the SSVC assessment records no known exploitation while rating the attack as automatable. An attacker who holds, or can obtain, any low‑privileged account on the device sends a specially crafted request to the backend endpoint, bypassing the web interface's role checks and changing the administrator password.

Generated by OpenCVE AI on April 16, 2026 at 17:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router firmware to a release that fixes the authorization flaw as soon as Tenda publishes one; no fixed version is listed on this page at the time of writing.
  • If an immediate firmware upgrade is not feasible, isolate the device from untrusted networks and restrict access to the management interface with firewall rules so that only trusted hosts can reach it.
  • Exploitation requires an authenticated low‑privileged account: review the device's user list and remove or disable any non‑administrative accounts that are not needed.
  • Disable remote management until a patch is applied. MAC filtering raises the bar only marginally, since MAC addresses are easily spoofed, so do not rely on it alone.


Advisories

No advisories yet.

History

Tue, 03 Feb 2026 19:15:00 +0000

  Metrics (ssvc) added:
    {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 29 Jan 2026 13:15:00 +0000

  First time appeared: Tenda w30e Firmware
  CPEs added:
    cpe:2.3:h:tenda:w30e:2.0:*:*:*:*:*:*:*
    cpe:2.3:o:tenda:w30e_firmware:*:*:*:*:*:*:*:*
  Vendors & Products added: Tenda w30e Firmware
  Metrics (cvssV3_1) added:
    {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Tue, 27 Jan 2026 20:30:00 +0000

  First time appeared: Tenda; Tenda w30e
  Vendors & Products added: Tenda; Tenda w30e

Mon, 26 Jan 2026 18:00:00 +0000

  Description added: Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the backend endpoint, an attacker can bypass role-based restrictions enforced by the web interface and obtain full administrative privileges.
  Title added: Tenda W30E V2 Incorrect Authorization Allows Administrator Password Change
  Weaknesses added: CWE-863
  References added:
  Metrics (cvssV4_0) added:
    {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-05T01:30:30.302Z

Reserved: 2026-01-22T20:23:19.802Z

Link: CVE-2026-24428

Vulnrichment

Updated: 2026-02-03T18:57:25.736Z

NVD

Status : Analyzed

Published: 2026-01-26T18:16:40.117

Modified: 2026-01-29T13:02:04.990

Link: CVE-2026-24428

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T17:45:27Z

Weaknesses