CVE-2026-27511

CWE-1021 — Clickjacking3 documents3 sources

Severity

5.1MEDIUM

EPSS

0.0%

top 87.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Shenzhen Tenda Technology Co., Ltd. Tenda F3 Tenda F3 Firmware

Timeline

PublishedFeb 23

Description

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an authenticated administrator into unintended interactions that may result in unauthorized configuration changes.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDtenda/f3_firmware12.01.01.55_multi

▶CVEListV5shenzhen_tenda_technology_co.,_ltd./tenda_f312.01.01.55_multi

🔴Vulnerability Details

CVEList

Tenda F3 Clickjacking in Web Management Interface↗2026-02-23

▶

GHSA

GHSA-q6w4-grhv-wcp8: Shenzhen Tenda F3 Wireless Router firmware V12↗2026-02-23

▶