Shenzhen Tenda Technology Co Ltd Tenda Ac7 vulnerabilities

CVE-2026-24441 [HIGH] CWE-319 CVE-2026-24441: Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose account credentials in plaintex Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material.

CVE-2026-24426 [MEDIUM] CWE-79 CVE-2026-24426: Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior contain an improper output encoding vu Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser context.

CVE-2026-24434 [MEDIUM] CWE-352 CVE-2026-24434: Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior does not implement CSRF protections fo Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrator to perform unintended state-changing requests and

CVE-2026-24427 [MEDIUM] CWE-201 CVE-2026-24427: Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose sensitive information in web ma Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack appropriate Cache-Control directives, which may permit web br