Tenda W30E V2 Cross-Site Request Forgery Vulnerability in Administrative Endpoints

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in the Tenda W30E V2 router, affecting firmware versions through V16.01.0.19(5037). The vulnerability arises from the absence of CSRF protections on administrative endpoints, including those for changing administrator account credentials. This lack of protection allows attackers to craft malicious requests that, when executed by an authenticated user's browser, can alter administrative passwords and other configuration settings.

Impact

Exploitation of this vulnerability allows for unauthorized changes to administrative passwords and configuration settings on the affected router.

Added: Jan 26, 2026, 6:26 PM

Updated: Jan 26, 2026, 6:26 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

5.8

remediation

0.0

relevance

2.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

5.8

remediation

0.0

relevance

2.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda W30E V2 Cross-Site Request Forgery Vulnerability in Administrative Endpoints

Vulnerability

Impact

Affected Products

Shenzhen Tenda W30E V2

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating