Tenda W30E V2 Unverified Password Change Vulnerability

Vulnerability

A vulnerability exists in the Shenzhen Tenda W30E V2 router, specifically in firmware versions up to and including V16.01.0.19(5037). This vulnerability allows users to change account passwords via the maintenance interface without verifying the current password. As a result, unauthorized password changes can be made if access to the affected endpoint is gained.

Impact

Exploitation of this vulnerability allows for unauthorized password changes, potentially leading to unauthorized access to user accounts.

Added: Jan 26, 2026, 6:21 PM

Updated: Jan 26, 2026, 6:21 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

4.9

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

4.9

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda W30E V2 Unverified Password Change Vulnerability

Vulnerability

Impact

Affected Products

Shenzhen Tenda W30E V2

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating