CNNVD-202601-4358 Information

CNNVD ID

CNNVD-202601-4358

Related CVE

CVE-2026-24432

• CNNVD Published: 2026-01-26

Description (Chinese)

Tenda W30E是中国腾达（Tenda）公司的一款路由器。 Tenda W30E V2 V16.01.0.19(5037)及之前版本存在跨站请求伪造漏洞，该漏洞源于管理端点缺少跨站请求伪造保护，可能导致攻击者修改管理员密码。

Description (English)

Tenda W30E is a router for Tenda China. Tenda W30E V2 V16.01.0.19 (5037) and earlier versions had a false gap in cross-site requests, which stemmed from the lack of cross-site protection at the management endpoint, which could lead the attackers to change the administrator ’ s password.

Hazard Level

High

Vulnerability Type

跨站请求伪造

Affected Vendor

腾达

Published

2026-01-26

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/tenda-w30e-v2-missing-csrf-protections-for-administrative-actions https://www.tendacn.com/product/W30E https://access.redhat.com/security/cve/cve-2026-24432