Tenda W30E V2 Missing X-Content-Type-Options Header Vulnerability

Vulnerability

A vulnerability exists in the Shenzhen Tenda W30E V2 router, specifically in firmware versions up to and including V16.01.0.19(5037). The issue arises because the web management interface does not include the X-Content-Type-Options: nosniff response header. This omission can lead to browsers that perform MIME sniffing to mistakenly interpret responses influenced by an attacker as executable scripts.

Impact

The lack of the X-Content-Type-Options header can result in improper handling of content types by the browser, potentially allowing for the execution of malicious scripts.

Added: Jan 26, 2026, 6:22 PM

Updated: Jan 26, 2026, 6:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.4

exploitability

5.6

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.4

exploitability

5.6

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda W30E V2 Missing X-Content-Type-Options Header Vulnerability

Vulnerability

Impact

Affected Products

Shenzhen Tenda W30E V2

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating