The vulnerability identified as CVE-2026-24433 is a stored cross-site scripting (XSS) issue classified under CWE-79, found in the firmware of Shenzhen Tenda Technology Co., Ltd.'s W30E V2 router model. Specifically, firmware versions up to and including 16.01.0.19(5037) fail to properly sanitize input during the user creation process. This insufficient input validation allows an attacker to inject malicious script code that is stored persistently within the device's management interface. When an administrative user later accesses the affected management pages, the malicious script executes in their browser context. The attack vector is network-based (AV:N), requires low attack complexity (AC:L), and no privileges (PR:L) or authentication (AT:N) are needed, but user interaction (UI:P) is required in the form of an admin viewing the compromised page. The vulnerability impacts confidentiality and integrity by potentially enabling session hijacking, credential theft, or unauthorized administrative actions. The scope is limited to the device management interface, and the vulnerability is rated medium severity with a CVSS 4.0 score of 5.1. No public exploits are currently known, but the risk remains significant due to the administrative privileges that could be compromised. The lack of available patches at the time of reporting increases the urgency for mitigation through alternative controls.

For European organizations, this vulnerability poses a risk primarily to network security and administrative control of affected devices. Exploitation could allow attackers to execute arbitrary scripts in the context of the router's administrative interface, potentially leading to theft of administrative credentials, session hijacking, or further compromise of network infrastructure. Small and medium enterprises (SMEs) and home office users relying on the Tenda W30E V2 router are particularly vulnerable, as these devices often lack advanced security monitoring. Compromise of router management could enable attackers to alter network configurations, redirect traffic, or establish persistent footholds within organizational networks. Given the medium severity, the impact on confidentiality and integrity is moderate but could escalate if combined with other vulnerabilities or social engineering tactics. The availability impact is minimal as the vulnerability does not directly cause denial of service. However, the indirect consequences of compromised network devices could be severe. European organizations with limited IT security resources may face challenges in detection and remediation, increasing the risk of undetected exploitation.

1. Monitor Shenzhen Tenda's official channels for firmware updates addressing this vulnerability and apply patches promptly once available. 2. Restrict administrative access to the router management interface by limiting it to trusted IP addresses or VPN connections, reducing exposure to remote attackers. 3. Implement network segmentation to isolate management interfaces from general user networks, minimizing the attack surface. 4. Employ web application firewalls (WAFs) or intrusion detection/prevention systems (IDS/IPS) capable of detecting and blocking XSS payloads targeting router management interfaces. 5. Educate administrative users about the risks of interacting with suspicious or untrusted content within device management portals. 6. Regularly audit router configurations and logs for signs of unauthorized access or suspicious activity. 7. Where feasible, replace vulnerable devices with models from vendors with stronger security track records or that provide timely security updates. 8. Utilize strong, unique administrative passwords and consider multi-factor authentication if supported by the device to reduce the risk of credential compromise.