CNNVD-202601-4353 Information

CNNVD ID

CNNVD-202601-4353

Related CVE

CVE-2026-24433

• CNNVD Published: 2026-01-26

Description (Chinese)

Tenda W30E是中国腾达（Tenda）公司的一款路由器。 Tenda W30E V2 V16.01.0.19(5037)及之前版本存在跨站脚本漏洞，该漏洞源于用户创建功能输入验证不足，可能导致存储型跨站脚本攻击。

Description (English)

Tenda W30E is a router for Tenda China. There is a cross-site script loophole in Tenda W30E V2 V16.01.19 (5037) and earlier versions, which results from insufficient user creation functional input validation, which may result in a storage-type cross-site script attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

腾达

Published

2026-01-26

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/tenda-w30e-v2-stored-xss-via-user-name-field https://www.tendacn.com/product/W30E https://access.redhat.com/security/cve/cve-2026-24433