Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-9423-9282-jq44

Опубликовано: 26 янв. 2026
Источник: github
Github: Не прошло ревью
CVSS4: 7.1
CVSS3: 6.5

Описание

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) implement an insecure Cross-Origin Resource Sharing (CORS) policy on authenticated administrative endpoints. The device sets Access-Control-Allow-Origin: * in combination with Access-Control-Allow-Credentials: true, allowing attacker-controlled origins to issue credentialed cross-origin requests.

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) implement an insecure Cross-Origin Resource Sharing (CORS) policy on authenticated administrative endpoints. The device sets Access-Control-Allow-Origin: * in combination with Access-Control-Allow-Credentials: true, allowing attacker-controlled origins to issue credentialed cross-origin requests.

Ссылки

EPSS

Процентиль: 10%
0.00035
Низкий

7.1 High

CVSS4

6.5 Medium

CVSS3

CVE ID

CVE-2026-24435

Дефекты

CWE-942

Связанные уязвимости

nvd логотип

CVE-2026-24435

CVSS3: 6.5
nvd
9 дней назад

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) implement an insecure Cross-Origin Resource Sharing (CORS) policy on authenticated administrative endpoints. The device sets Access-Control-Allow-Origin: * in combination with Access-Control-Allow-Credentials: true, allowing attacker-controlled origins to issue credentialed cross-origin requests.

fstec логотип

BDU:2026-00942

CVSS3: 6.5
fstec
9 дней назад

Уязвимость механизма CORS микропрограммного обеспечения беспроводных Wi-Fi маршрутизаторов Tenda W30E, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 10%
0.00035
Низкий

7.1 High

CVSS4

6.5 Medium

CVSS3

CVE ID

CVE-2026-24435

Дефекты

CWE-942