Vulnerabilidades en Shenzhen Tenda Technology Co., Ltd.
19 resultadosCVE-2026-24436CRITICALTenda W30E V2 Lacks Rate Limiting on AuthenticationEPSS 0.4%CVE-2026-24429CRITICALTenda W30E V2 Hardcoded Default Password for Built-in AccountEPSS 0.4%CVE-2026-24428HIGHTenda W30E V2 Incorrect Authorization Allows Administrator Password ChangeEPSS 0.3%CVE-2026-24440HIGHTenda W30E V2 Allows Password Changes Without Verifying Current PasswordEPSS 0.3%CVE-2026-24430HIGHTenda W30E V2 HTTP Responses Expose Plaintext CredentialsEPSS 0.2%CVE-2026-27514HIGHTenda F3 Plaintext Credential Exposure in Configuration DownloadEPSS 0.2%CVE-2026-24435HIGHTenda W30E V2 Permissive CORS Allows Cross-origin Data AccessEPSS 0.2%CVE-2026-27511MEDIUMTenda F3 Clickjacking in Web Management InterfaceEPSS 0.2%CVE-2026-24441HIGHTenda AC7 Transmits Admin Credentials Without HTTPS ProtectionEPSS 0.2%CVE-2026-24431HIGHTenda W30E V2 Web UI Reveals Passwords in CleartextEPSS 0.2%CVE-2026-24426MEDIUMTenda AC7 Reflected XSS via Web Interface Output EncodingEPSS 0.2%CVE-2026-24433MEDIUMTenda W30E V2 Stored XSS via Username FieldEPSS 0.2%CVE-2026-27512MEDIUMTenda F3 Reflected Script Execution via Missing nosniff HeaderEPSS 0.2%CVE-2026-24439LOWTenda W30E V2 Lacks X-Content-Type-Options HeaderEPSS 0.2%CVE-2026-24437MEDIUMTenda W30E V2 Missing Cache Controls for Credential-bearing PagesEPSS 0.2%CVE-2026-24434MEDIUMTenda AC7 Web Interface Lacks CSRF Protections for Admin ActionsEPSS 0.1%CVE-2026-24427MEDIUMTenda AC7 Exposes Admin Credentials in Configuration ResponsesEPSS 0.1%CVE-2026-24432MEDIUMTenda W30E V2 Missing CSRF Protections for Administrative ActionsEPSS 0.1%CVE-2026-27513MEDIUMTenda F3 CSRF in Web Management InterfaceEPSS 0.1%