Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tenda W30E V2 Permissive CORS Allows Cross-origin Data Access
Vulnerability Description
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) implement an insecure Cross-Origin Resource Sharing (CORS) policy on authenticated administrative endpoints. The device sets Access-Control-Allow-Origin: * in combination with Access-Control-Allow-Credentials: true, allowing attacker-controlled origins to issue credentialed cross-origin requests.
CVSS Information
N/A
Vulnerability Type
过度许可的跨域白名单
Vulnerability Title
Tenda W30E 安全漏洞
Vulnerability Description
Tenda W30E是中国腾达(Tenda)公司的一款路由器。 Tenda W30E V2 V16.01.0.19(5037)及之前版本存在安全漏洞,该漏洞源于管理端点实施不安全的跨资源共享策略,可能导致攻击者发起跨域凭据请求。
CVSS Information
N/A
Vulnerability Type
N/A