Security Advisory

CVE-2026-30140

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-09 00:00:00

Last updated 2026-03-11 14:28:39

Assigner mitre

State PUBLISHED

Description

An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and potential remote administrative access.

← Browse all CVEs View on cve.org ↗