Tenda W30E V2 Insecure CORS Policy on Administrative Endpoints

Vulnerability

A vulnerability exists in the Tenda W30E V2 router, specifically in firmware versions up to and including V16.01.0.19(5037). The issue arises from an insecure Cross-Origin Resource Sharing (CORS) policy implemented on authenticated administrative endpoints. The router allows any origin to make credentialed cross-origin requests, which could be exploited by attackers.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive data or functionality on the router's administrative interface, by allowing attacker-controlled origins to send requests that include credentials.

Added: Jan 26, 2026, 6:25 PM

Updated: Jan 26, 2026, 6:25 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

3.1

exploitability

4.0

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

3.1

exploitability

4.0

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda W30E V2 Insecure CORS Policy on Administrative Endpoints

Vulnerability

Impact

Affected Products

Shenzhen Tenda W30E V2

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating