Tenda W30E V2 Hardcoded Default Password for Built-in Account

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) ship with a predefined default password for a built-in authentication account that is not required to be changed during initial configuration. An attacker can leverage these default credentials to gain authenticated access to the management interface.

Basic Information

ID CVE-2026-24429

Source VulnCheck

Published Jan 26, 2026 at 17:39

Affected Product

Vendor Shenzhen Tenda Technology Co., Ltd.

Product W30E V2

Affected Versions Shenzhen Tenda Technology Co., Ltd. W30E V2 0

CWE Classification

CWE-1393

References

{
    "lastseen": "",
    "description": "Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) ship with a predefined default password for a built-in authentication account that is not required to be changed during initial configuration. An attacker can leverage these default credentials to gain authenticated access to the management interface.",
    "published": "2026-01-26T17:39:02.845Z",
    "modified": "2026-01-26T17:39:02.845Z",
    "type": "cve",
    "title": "Tenda W30E V2 Hardcoded Default Password for Built-in Account",
    "source": "VulnCheck",
    "references": "https://www.tendacn.com/product/W30E\nhttps://www.vulncheck.com/advisories/tenda-w30e-v2-hardcoded-default-password-for-built-in-account",
    "id": "CVE-2026-24429",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1393"
    ],
    "cvelist": null,
    "sourceData": "Shenzhen Tenda Technology Co., Ltd. W30E V2 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "W30E V2",
    "version": "0",
    "vendor": "Shenzhen Tenda Technology Co., Ltd.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Tenda W30E V2 Hardcoded Default Password for Built-in Account_CVE-2026-24429