CVE-2026-27513

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
5.1MEDIUM
EPSS
0.0%
top 95.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Shenzhen Tenda Technology Co., Ltd. Tenda F3Tenda F3 Firmware
Timeline
PublishedFeb 23

Description

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a cross-site request forgery (CSRF) vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit state-changing requests, which can result in unauthorized configuration changes.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDtenda/f3_firmware12.01.01.55_multi

🔴Vulnerability Details

2
GHSA
GHSA-9hjg-4h75-mvc5: Shenzhen Tenda F3 Wireless Router firmware V122026-02-23
CVEList
Tenda F3 CSRF in Web Management Interface2026-02-23
CVE-2026-27513 (MEDIUM CVSS 5.1) | Shenzhen Tenda F3 Wireless Router f | cvebase.io