CVE-2026-27514

CWE-201 CWE-5253 documents3 sources

Severity

7.1HIGH

EPSS

0.0%

top 88.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Shenzhen Tenda Technology Co., Ltd. Tenda F3 Tenda F3 Firmware

Timeline

PublishedFeb 23

Description

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits appropriate Cache-Control directives, which can allow the response to be stored in client-side caches and recovered by other local users or processes with access to cached browser data.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDtenda/f3_firmware12.01.01.55_multi

▶CVEListV5shenzhen_tenda_technology_co.,_ltd./tenda_f312.01.01.55_multi

🔴Vulnerability Details

CVEList

Tenda F3 Plaintext Credential Exposure in Configuration Download↗2026-02-23

▶

GHSA

GHSA-jqx8-f6x9-hm34: Shenzhen Tenda F3 Wireless Router firmware V12↗2026-02-23

▶