CVE-2026-38834

· NIST NVD ↗

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_action function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

HIGH
CVSS severity
7.3
CVSS base score
2026-04-21
Published

CWE codes

CWE-77

Affected products

tenda:w30e_firmwaretenda:w30e

Sources