CVE-2026-24433: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Shenzhen Tenda Technology Co., Ltd. W30E V2
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain a stored cross-site scripting vulnerability in the user creation functionality. Insufficient input validation allows attacker-controlled script content to be stored and later executed when administrative users access the affected management pages.
AI Analysis
Technical Summary
CVE-2026-24433 is a stored cross-site scripting (XSS) vulnerability classified under CWE-79, affecting Shenzhen Tenda Technology Co., Ltd.'s W30E V2 router firmware versions up to and including 16.01.0.19(5037). The vulnerability stems from insufficient input validation in the user creation functionality of the router's web management interface. Specifically, attacker-controlled script content can be injected and stored persistently within the device's configuration or user database. When an administrative user subsequently accesses the affected management pages, the malicious script executes in the context of the admin's browser session. This can lead to unauthorized actions such as session hijacking, theft of administrative credentials, or manipulation of router settings. The vulnerability requires low attack complexity and no authentication to initiate the injection, but does require an administrative user to interact with the compromised interface for the script to execute. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required to inject, but user interaction (admin viewing) is necessary. The impact on confidentiality and integrity is low to moderate, with no direct availability impact. No patches or exploits are currently reported, but the vulnerability is publicly disclosed and thus poses a risk if left unmitigated. The affected product is widely used in consumer and small business environments, increasing the potential attack surface.
Potential Impact
The primary impact of CVE-2026-24433 is on the confidentiality and integrity of administrative sessions and router configurations. Successful exploitation allows attackers to execute arbitrary scripts in the context of an administrative user, potentially leading to session hijacking, credential theft, or unauthorized configuration changes. This can compromise network security, enabling attackers to redirect traffic, disable security features, or create persistent backdoors. While the vulnerability does not directly affect availability, the resulting unauthorized changes could disrupt network operations. Organizations relying on Shenzhen Tenda W30E V2 routers, especially in environments with multiple administrators or remote management, face increased risk. The medium severity score reflects the moderate ease of exploitation combined with the need for administrative user interaction. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, as attackers may develop exploits following public disclosure. Overall, the vulnerability could facilitate broader network compromise if leveraged as part of a multi-stage attack.
Mitigation Recommendations
1. Restrict access to the router's management interface to trusted networks only, preferably via VPN or isolated management VLANs, to reduce exposure to attackers.
2. Implement strong authentication mechanisms for administrative access, including multi-factor authentication if supported.
3. Monitor administrative access logs for unusual activity or repeated failed login attempts that may indicate exploitation attempts.
4. Educate administrative users about the risks of interacting with untrusted content and phishing attempts that could trigger the XSS payload.
5. Regularly audit router configurations and user accounts to detect unauthorized changes or suspicious entries.
6. Apply firmware updates from Shenzhen Tenda as soon as patches addressing this vulnerability become available.
7. If immediate patching is not possible, consider disabling the user creation functionality or limiting user creation privileges to trusted personnel only.
8. Employ web application firewalls or intrusion detection systems capable of detecting and blocking XSS payloads targeting the management interface.
These targeted measures go beyond generic advice by focusing on access control, user education, and proactive monitoring tailored to this specific vulnerability.
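As an added illustration of the two controls this class of bug calls for (validating the name at user creation and HTML-encoding stored values when the admin page is rendered) plus the account audit from step 5, here is example code that is not from the page or from Tenda's firmware; the stored user table, the allowlist pattern and the function names are assumptions.

```python
import html
import re

# Allowlist for account names on a management UI: letters, digits, dot,
# underscore and hyphen, 1..32 characters. Anything else is rejected at
# creation time, the input validation the advisory says is insufficient.
# (Assumed policy, not Tenda's.)
USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,32}$")

# Constructed sample of a stored user table. The third entry stands in for
# a record that an unvalidated "create user" request left behind.
STORED_USERS = [
    {"name": "admin", "role": "administrator"},
    {"name": "guest", "role": "user"},
    {"name": "eve<script>x</script>", "role": "user"},
]


def is_valid_username(name: str) -> bool:
    """Input-side control: accept only names matching the allowlist."""
    return USERNAME_RE.fullmatch(name) is not None


def render_user_rows_unsafe(users: list[dict]) -> str:
    """The vulnerable pattern: stored values are concatenated straight into
    HTML, so markup inside a name becomes part of the admin's page."""
    return "".join(
        f"<tr><td>{u['name']}</td><td>{u['role']}</td></tr>" for u in users
    )


def render_user_rows(users: list[dict]) -> str:
    """Output-side control: HTML-encode every stored value at render time,
    so a stored name is displayed as text rather than parsed as markup."""
    return "".join(
        "<tr><td>{}</td><td>{}</td></tr>".format(
            html.escape(u["name"], quote=True),
            html.escape(u["role"], quote=True),
        )
        for u in users
    )


def audit_stored_users(users: list[dict]) -> list[str]:
    """Detection for mitigation step 5: list accounts whose stored name
    fails the allowlist, i.e. entries worth investigating as tampered."""
    return [u["name"] for u in users if not is_valid_username(u["name"])]
```

Running the audit against an exported account list is the cheap check an administrator can do today; the encoded renderer is what the firmware fix needs to look like.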
Affected Countries
China, India, Russia, Brazil, Indonesia, Vietnam, Thailand, Malaysia, United States, Germany, France, United Kingdom, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2026-01-22T20:23:19.803Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6977a98b4623b1157caf7835
Added to database: 1/26/2026, 5:51:07 PM
Last enriched: 3/5/2026, 9:19:48 AM
Last updated: 3/24/2026, 12:08:15 AM