CVE-2026-24435 | Tenda W30E V2 up to 16.01.0.19(5037) Administrative Endpoint cross-domain policy

Inserito da Angelo Barbosa | Gen 27, 2026 | CVE

A vulnerability, which was classified as problematic, was found in Tenda W30E V2 up to 16.01.0.19(5037). This impacts an unknown function of the component Administrative Endpoint. Such manipulation leads to permissive cross-domain policy with untrusted domains.

This vulnerability is referenced as CVE-2026-24435. It is possible to launch the attack remotely. No exploit is available.

CVE-2026-24435 | Tenda W30E V2 up to 16.01.0.19(5037) Administrative Endpoint cross-domain policy

Post correlati

CVE-2024-25569 | Mathieu Malaterre Grassroot DICOM 3.0.23 DICOM File RAWCodec::DecodeBytes out-of-bounds (TALOS-2024-1944)

CVE-2024-8963 | Ivanti CSA up to 4.6 Patch 518 path traversal

CVE-2024-32458 | FreeRDP up to 2.11.5/3.4.x out-of-bounds (GHSA-vvr6-h646-mp4p)

CVE-2025-27703 | Absolute Security Secure Access up to 13.53 management console permission