cvedb.io
CVE-2026-24436
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2026-01-26T18:16:41.167 · Last modified 2026-06-17T10:23:04.473

Summary

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials.

Affected products

tenda — w30e_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when tenda ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.