Lucene search
K

454 matches found

CVE
CVE
added 2026/02/03 7:14 p.m.9 views

CVE-2026-24441

The CVE-2026-24441 entry concerns Shenzhen Tenda AC7 firmware (versions prior to and including V03.03.03.01_cn) that transmits account credentials in plaintext via HTTP responses. The underlying issue is the lack of encryption for authentication material, enabling an on-path attacker to intercept...

8.2CVSS5.5AI score0.00207EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/03 7:14 p.m.2 views

CVE-2026-24441 Tenda AC7 Transmits Admin Credentials Without HTTPS Protection

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...

8.2CVSS5.5AI score0.00207EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/03 7:13 p.m.3 views

CVE-2026-24434 Tenda AC7 Web Interface Lacks CSRF Protections for Admin Actions

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrat...

5.1CVSS5.5AI score0.00146EPSS
Exploits0References2
CVE
CVE
added 2026/02/03 7:13 p.m.14 views

CVE-2026-24434

The CVE-2026-24434 affects Shenzhen Tenda AC7 firmware versions prior to V03.03.03.01_cn. The web management interface is missing anti-CSRF protections and robust origin validation, enabling a logged-in administrator to be induced to perform unintended state-changing requests and modify router se...

6.5CVSS5.5AI score0.00146EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/03 7:13 p.m.24 views

CVE-2026-24434 Tenda AC7 Web Interface Lacks CSRF Protections for Admin Actions

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrat...

5.1CVSS0.00146EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/03 7:11 p.m.3 views

CVE-2026-24427 Tenda AC7 Exposes Admin Credentials in Configuration Responses

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack...

6.8CVSS5.4AI score0.00118EPSS
Exploits0References2
CVE
CVE
added 2026/02/03 7:11 p.m.10 views

CVE-2026-24427

CVE-2026-24427 affects Shenzhen Tenda AC7 devices with firmware up to V03.03.03.01_cn. The web management responses expose administrative credentials (router/admin passwords) in plaintext within configuration responses, and lack Cache-Control headers, enabling caching and potential exposure if an...

6.8CVSS5.4AI score0.00118EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/03 7:9 p.m.5 views

CVE-2026-24426

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...

5.1CVSS5.5AI score0.00188EPSS
Exploits0References3
CVE
CVE
added 2026/02/03 7:9 p.m.10 views

CVE-2026-24426

The CVE-2026-24426 issue affects Shenzhen Tenda AC7 firmware prior to V03.03.03.01_cn, where an improper output encoding in the web management interface reflects user input in HTTP responses. This reflected XSS risk could allow injection of arbitrary HTML/JavaScript into a victim’s browser contex...

6.1CVSS5.5AI score0.00188EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/03 7:9 p.m.24 views

CVE-2026-24426 Tenda AC7 Reflected XSS via Web Interface Output Encoding

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...

5.1CVSS0.00188EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/03 7:9 p.m.3 views

CVE-2026-24426 Tenda AC7 Reflected XSS via Web Interface Output Encoding

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...

5.1CVSS5.5AI score0.00188EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.8 views

PT-2026-6191

Name of the Vulnerable Software and Affected Versions Shenzhen Tenda AC7 firmware versions prior to V03.03.03.01 cn Description The web management interface lacks CSRF protections for administrative functions. The interface does not enforce anti-CSRF tokens or robust origin validation. This could...

6.5CVSS5.5AI score0.00146EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

Tenda AC7 安全漏洞

The Tenda AC7 is a wireless router produced by the Chinese company Tenda. The Tenda AC7 V03.03.03.01cn and earlier versions have security vulnerabilities. These vulnerabilities stem from the exposure of sensitive information during web management responses, which may lead to credential leaks...

6.8CVSS5.8AI score0.00118EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.6 views

PT-2026-6192

Name of the Vulnerable Software and Affected Versions Shenzhen Tenda AC7 firmware versions prior to V03.03.03.01 cn Description The firmware for Shenzhen Tenda AC7 devices up to version V03.03.03.01 cn reveals account credentials in plain text within HTTP responses. This allows an attacker...

8.2CVSS5.5AI score0.00207EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

Tenda AC7 跨站请求伪造漏洞

The Tenda AC7 is a wireless router produced by the Chinese company Tenda. Versions of the Tenda AC7 such as V03.03.03.01cn and earlier contained a vulnerability related to cross-site request forgery. This vulnerability stemmed from the lack of CSRF protection in the web management interface, whic...

6.5CVSS5.7AI score0.00146EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.4 views

PT-2026-6190

Name of the Vulnerable Software and Affected Versions Shenzhen Tenda AC7 firmware versions prior to V03.03.03.01 cn Description The firmware for Shenzhen Tenda AC7 devices up to version V03.03.03.01 cn reveals sensitive information within web management responses. This includes administrative...

6.8CVSS5.4AI score0.00118EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/07 9:16 a.m.17 views

CVE-2025-1819

A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Affected is the function TendaTelnet of the file /goform/telnet. The manipulation of the argument lanip leads to os command injection. It is possible to launch the attack remotely. The exploit has been...

9.8CVSS7.4AI score0.01786EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.12 views

CVE-2024-2897

A vulnerability classified as critical has been found in Tenda AC7 15.03.06.44. Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclose...

8.8CVSS7.5AI score0.07893EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:9 a.m.10 views

CVE-2024-2900

A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. This affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. It is possible to initiate th...

9CVSS7AI score0.01683EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:9 a.m.6 views

CVE-2024-2898

A vulnerability classified as critical was found in Tenda AC7 15.03.06.44. Affected by this vulnerability is the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The...

9CVSS7.1AI score0.01683EPSS
Exploits1References1
Rows per page
Query Builder