454 matches found
CVE-2026-24441
The CVE-2026-24441 entry concerns Shenzhen Tenda AC7 firmware (versions prior to and including V03.03.03.01_cn) that transmits account credentials in plaintext via HTTP responses. The underlying issue is the lack of encryption for authentication material, enabling an on-path attacker to intercept...
CVE-2026-24441 Tenda AC7 Transmits Admin Credentials Without HTTPS Protection
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...
CVE-2026-24434 Tenda AC7 Web Interface Lacks CSRF Protections for Admin Actions
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrat...
CVE-2026-24434
The CVE-2026-24434 affects Shenzhen Tenda AC7 firmware versions prior to V03.03.03.01_cn. The web management interface is missing anti-CSRF protections and robust origin validation, enabling a logged-in administrator to be induced to perform unintended state-changing requests and modify router se...
CVE-2026-24434 Tenda AC7 Web Interface Lacks CSRF Protections for Admin Actions
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrat...
CVE-2026-24427 Tenda AC7 Exposes Admin Credentials in Configuration Responses
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack...
CVE-2026-24427
CVE-2026-24427 affects Shenzhen Tenda AC7 devices with firmware up to V03.03.03.01_cn. The web management responses expose administrative credentials (router/admin passwords) in plaintext within configuration responses, and lack Cache-Control headers, enabling caching and potential exposure if an...
CVE-2026-24426
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...
CVE-2026-24426
The CVE-2026-24426 issue affects Shenzhen Tenda AC7 firmware prior to V03.03.03.01_cn, where an improper output encoding in the web management interface reflects user input in HTTP responses. This reflected XSS risk could allow injection of arbitrary HTML/JavaScript into a victim’s browser contex...
CVE-2026-24426 Tenda AC7 Reflected XSS via Web Interface Output Encoding
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...
CVE-2026-24426 Tenda AC7 Reflected XSS via Web Interface Output Encoding
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...
PT-2026-6191
Name of the Vulnerable Software and Affected Versions Shenzhen Tenda AC7 firmware versions prior to V03.03.03.01 cn Description The web management interface lacks CSRF protections for administrative functions. The interface does not enforce anti-CSRF tokens or robust origin validation. This could...
Tenda AC7 安全漏洞
The Tenda AC7 is a wireless router produced by the Chinese company Tenda. The Tenda AC7 V03.03.03.01cn and earlier versions have security vulnerabilities. These vulnerabilities stem from the exposure of sensitive information during web management responses, which may lead to credential leaks...
PT-2026-6192
Name of the Vulnerable Software and Affected Versions Shenzhen Tenda AC7 firmware versions prior to V03.03.03.01 cn Description The firmware for Shenzhen Tenda AC7 devices up to version V03.03.03.01 cn reveals account credentials in plain text within HTTP responses. This allows an attacker...
Tenda AC7 跨站请求伪造漏洞
The Tenda AC7 is a wireless router produced by the Chinese company Tenda. Versions of the Tenda AC7 such as V03.03.03.01cn and earlier contained a vulnerability related to cross-site request forgery. This vulnerability stemmed from the lack of CSRF protection in the web management interface, whic...
PT-2026-6190
Name of the Vulnerable Software and Affected Versions Shenzhen Tenda AC7 firmware versions prior to V03.03.03.01 cn Description The firmware for Shenzhen Tenda AC7 devices up to version V03.03.03.01 cn reveals sensitive information within web management responses. This includes administrative...
CVE-2025-1819
A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Affected is the function TendaTelnet of the file /goform/telnet. The manipulation of the argument lanip leads to os command injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2024-2897
A vulnerability classified as critical has been found in Tenda AC7 15.03.06.44. Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclose...
CVE-2024-2900
A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. This affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. It is possible to initiate th...
CVE-2024-2898
A vulnerability classified as critical was found in Tenda AC7 15.03.06.44. Affected by this vulnerability is the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The...