CVE-2026-24428 - Tenda W30E V2 Incorrect Authorization Allows Administrator Password Change

CVE ID: CVE-2026-24428

Published: Jan. 26, 2026, 6:16 p.m.

Description: Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the backend endpoint, an attacker can bypass role-based restrictions enforced by the web interface and obtain full administrative privileges.

Severity: 8.7 | HIGH

CVE Details

Severity
LOW
Published
Jan. 26, 2026