CVE-2026-24441 — Cleartext Transmission of Sensitive Info in Tenda Technology CO LTD Tenda AC7

CWE-319 — Cleartext Transmission of Sensitive Info3 documents3 sources

Severity

8.2HIGHNVD

EPSS

0.0%

top 96.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Shenzhen Tenda Technology CO LTD Tenda AC7 Tenda AC7 Firmware

Timeline

PublishedFeb 3

Description

Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDtenda/ac7_firmware03.03.03.01

▶CVEListV5shenzhen_tenda_technology_co_ltd/tenda_ac703.03.03.01_cn

🔴Vulnerability Details

CVEList

Tenda AC7 Transmits Admin Credentials Without HTTPS Protection↗2026-02-03

▶

GHSA

GHSA-j785-3rj2-95j3: Shenzhen Tenda AC7 firmware version V03↗2026-02-03

▶