Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tenda W30E V2 Incorrect Authorization Allows Administrator Password Change
Vulnerability Description
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the backend endpoint, an attacker can bypass role-based restrictions enforced by the web interface and obtain full administrative privileges.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
Tenda W30E 安全漏洞
Vulnerability Description
Tenda W30E是中国腾达(Tenda)公司的一款路由器。 Tenda W30E V2 V16.01.0.19(5037)及之前版本存在安全漏洞,该漏洞源于用户管理API存在授权缺陷,可能导致低权限认证用户更改管理员账户密码。
CVSS Information
N/A
Vulnerability Type
N/A