CVE-2026-22082

🗓️ 09 Jan 2026 11:24:54Reported by CERT-InType

Tenda routers use login credentials as session IDs, enabling remote hijacking via insecure traffic.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2026-22082	9 Jan 202611:55	–	circl
CNNVD	Tenda N300 授权问题漏洞	9 Jan 202600:00	–	cnnvd
Cvelist	CVE-2026-22082 Insecure Session ID Management Vulnerability in Tenda Wireless Routers	9 Jan 202611:24	–	cvelist
EUVD	EUVD-2026-1739	9 Jan 202611:24	–	euvd
NVD	CVE-2026-22082	9 Jan 202612:15	–	nvd
Positive Technologies	PT-2026-2150	9 Jan 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-22082	13 Jan 202622:52	–	redhatcve
Vulnrichment	CVE-2026-22082 Insecure Session ID Management Vulnerability in Tenda Wireless Routers	9 Jan 202611:24	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "300Mbps Wireless Router F3 and N300 Easy Setup Router",
    "vendor": "Tenda",
    "versions": [
      {
        "status": "affected",
        "version": "F3 v3.0 Firmware V12.01.01.41"
      },
      {
        "status": "affected",
        "version": "F3 v3.0 Firmware V12.01.01.42"
      },
      {
        "status": "affected",
        "version": "F3 v3.0 Firmware V12.01.01.48"
      },
      {
        "status": "affected",
        "version": "F3 v3.0 Firmware V12.01.01.52"
      },
      {
        "status": "affected",
        "version": "F3 v3.0 Firmware V12.01.01.55"
      },
      {
        "status": "affected",
        "version": "F3 v4.0 Firmware V03.03.01.40"
      }
    ]
  }
]

Source	Link
cert-in	www.cert-in.org.in/s2cMainServlet

15 Apr 2026 00:35Current

6.4Medium risk

Vulners AI Score6.4

CVSS 48.8

EPSS0.00072

SSVC

CWE-384