{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30140", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-11T14:28:39.384Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-09T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-09T18:18:10.417Z"}, "descriptions": [{"lang": "en", "value": "An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and potential remote administrative access."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/jhx-ui/CVE-Reports/blob/main/README.md#vulnerability-report-tenda-router-sensitive-information-disclosure"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-11T14:25:36.407227Z", "id": "CVE-2026-30140", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T14:28:39.384Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30140", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T14:25:36.407227Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T14:28:33.337Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/jhx-ui/CVE-Reports/blob/main/README.md#vulnerability-report-tenda-router-sensitive-information-disclosure"}], "descriptions": [{"lang": "en", "value": "An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and potential remote administrative access."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-09T18:18:10.417Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30140", "state": "PUBLISHED", "dateUpdated": "2026-03-11T14:28:39.384Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-09T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:w15e_firmware:02.03.01.26_cn:*:*:*:*:*:*:*", "matchCriteriaId": "61A1E025-80B4-4B4E-A9B2-CF0EF5AEBE64", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:w15e:-:*:*:*:*:*:*:*", "matchCriteriaId": "248A1A83-1288-42D8-A9BC-13D3AA7A2881", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and potential remote administrative access."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso incorrecto existe en Tenda W15E V02.03.01.26_cn. Un atacante no autenticado puede acceder al endpoint /cgi-bin/DownloadCfg/RouterCfm.jpg para descargar el archivo de configuraci\u00f3n que contiene credenciales de administrador en texto plano, lo que lleva a la revelaci\u00f3n de informaci\u00f3n sensible y a un posible acceso administrativo remoto."}], "id": "CVE-2026-30140", "lastModified": "2026-03-13T19:40:00.567", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-09T19:16:07.303", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://github.com/jhx-ui/CVE-Reports/blob/main/README.md#vulnerability-report-tenda-router-sensitive-information-disclosure"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "V02.03.01.26_cn"}}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "w15e", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-04-16T04:03:55.974773+00:00", "value": {"mitigation_remediation": ["Apply the latest Tenda firmware that fixes the access\u2011control flaw.", "Configure the router to accept management traffic only from trusted local subnets or a VPN, thereby reducing external exposure.", "Create firewall or access\u2011control rules to block or restrict requests to /cgi\u2011bin/DownloadCfg/RouterCfm.jpg from untrusted networks."], "summary": {"action": "Patch Now", "impact": "Sensitive information disclosure through unauthenticated access to the router configuration file"}, "threat_synthesis": {"affected_systems": "The vulnerability applies to Tenda W15E routers with firmware V02.03.01.26_cn. No other vendor or product variants are listed in the advisory; the security impact is limited to this specific model and firmware revision.", "description_and_impact": "Tenda routers running firmware version V02.03.01.26_cn are affected by an incorrect access control flaw that allows any unauthenticated user to request the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint. This endpoint returns the entire configuration file, which contains plaintext administrator credentials. The flaw is a classic example of CWE\u2011284, Missing Authorization, and enables attackers to obtain sensitive information that could be leveraged to gain remote administrative control of the device.", "risk_and_exploitability": "The CVSS base score is 7.5, indicating a high severity risk. EPSS indicates a probability of exploitation of less than 1%, and the issue is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is a local network attacker interacting with the web interface, though any scenario that exposes the router\u2019s management interface to the internet could increase risk. The vulnerability allows threat actors to download configuration files and extract privileged credentials, potentially enabling full remote control of the device."}}}}, "created": "2026-03-10T14:10:35.877235+00:00", "title": "Unauthenticated Router Configuration File Disclosure due to Incorrect Access Control", "updated": "2026-04-16T04:15:24.073951+00:00", "vendors": ["tenda", "tenda$PRODUCT$w15e"]}