Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Shenzhen Tenda Technology Co., Ltd. — Vulnerabilities & Security Advisories 19

Browse all 19 CVE security advisories affecting Shenzhen Tenda Technology Co., Ltd.. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Shenzhen Tenda Technology Co., Ltd. develops networking equipment including routers and access points for home and small business use. Historically, their products have frequently been affected by remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure default configurations. The company has faced scrutiny for multiple security incidents, with 19 CVEs documented, highlighting persistent issues in firmware security and patch management. These vulnerabilities have allowed attackers to compromise devices without authentication, exposing networks to unauthorized access and potential botnet recruitment. Tenda's security track record reflects broader challenges in the IoT ecosystem, where cost pressures and rapid development cycles often compromise robust security practices.

Top products by Shenzhen Tenda Technology Co., Ltd.: W30E V2 Tenda AC7 Tenda F3
CVE IDTitleCVSSSeverityPublished
CVE-2026-27514 Tenda F3 Plaintext Credential Exposure in Configuration Download — Tenda F3CWE-201 6.5 Medium2026-02-23
CVE-2026-27513 Tenda F3 CSRF in Web Management Interface — Tenda F3CWE-352 4.3 Medium2026-02-23
CVE-2026-27512 Tenda F3 Reflected Script Execution via Missing nosniff Header — Tenda F3CWE-79 6.1 Medium2026-02-23
CVE-2026-27511 Tenda F3 Clickjacking in Web Management Interface — Tenda F3CWE-1021 4.3 Medium2026-02-23
CVE-2026-24441 Tenda AC7 Transmits Admin Credentials Without HTTPS Protection — Tenda AC7CWE-319 9.1AICriticalAI2026-02-03
CVE-2026-24434 Tenda AC7 Web Interface Lacks CSRF Protections for Admin Actions — Tenda AC7CWE-352 6.5AIMediumAI2026-02-03
CVE-2026-24427 Tenda AC7 Exposes Admin Credentials in Configuration Responses — Tenda AC7CWE-201 8.1AIHighAI2026-02-03
CVE-2026-24426 Tenda AC7 Reflected XSS via Web Interface Output Encoding — Tenda AC7CWE-79 6.1AIMediumAI2026-02-03
CVE-2026-24435 Tenda W30E V2 Permissive CORS Allows Cross-origin Data Access — W30E V2CWE-942 8.1AIHighAI2026-01-26
CVE-2026-24439 Tenda W30E V2 Lacks X-Content-Type-Options Header — W30E V2CWE-116 9.4AICriticalAI2026-01-26
CVE-2026-24432 Tenda W30E V2 Missing CSRF Protections for Administrative Actions — W30E V2CWE-352 8.8AIHighAI2026-01-26
CVE-2026-24433 Tenda W30E V2 Stored XSS via Username Field — W30E V2CWE-79 6.1AIMediumAI2026-01-26
CVE-2026-24431 Tenda W30E V2 Web UI Reveals Passwords in Cleartext — W30E V2CWE-317 8.1AIHighAI2026-01-26
CVE-2026-24437 Tenda W30E V2 Missing Cache Controls for Credential-bearing Pages — W30E V2CWE-525 7.1AIHighAI2026-01-26
CVE-2026-24436 Tenda W30E V2 Lacks Rate Limiting on Authentication — W30E V2CWE-307 9.8AICriticalAI2026-01-26
CVE-2026-24428 Tenda W30E V2 Incorrect Authorization Allows Administrator Password Change — W30E V2CWE-863 8.8AIHighAI2026-01-26
CVE-2026-24430 Tenda W30E V2 HTTP Responses Expose Plaintext Credentials — W30E V2CWE-201 7.5AIHighAI2026-01-26
CVE-2026-24429 Tenda W30E V2 Hardcoded Default Password for Built-in Account — W30E V2CWE-1393 9.8AICriticalAI2026-01-26
CVE-2026-24440 Tenda W30E V2 Allows Password Changes Without Verifying Current Password — W30E V2CWE-620 9.1AICriticalAI2026-01-26

This page lists every published CVE security advisory associated with Shenzhen Tenda Technology Co., Ltd.. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.