137 matches found
CVE-2026-27511
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...
CVE-2026-27512
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under...
CVE-2026-27514
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits...
CVE-2026-27513
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a cross-site request forgery CSRF vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit...
CVE-2026-27511
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...
CVE-2026-27512
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under...
CVE-2026-27513
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a cross-site request forgery CSRF vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit...
CVE-2026-27511
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...
CVE-2026-27512
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under...
CVE-2026-27513
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a cross-site request forgery CSRF vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit...
CVE-2026-27514 Tenda F3 Plaintext Credential Exposure in Configuration Download
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits...
CVE-2026-27514
The CVE-2026-27514 entry affects Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi. The vulnerability is in the configuration download functionality, where the response exposes the router password and administrative password in plaintext. Additionally, the response lacks proper Cache-...
CVE-2026-27513 Tenda F3 CSRF in Web Management Interface
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a cross-site request forgery CSRF vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit...
CVE-2026-27513 Tenda F3 CSRF in Web Management Interface
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a cross-site request forgery CSRF vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit...
CVE-2026-27513
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi is affected by a cross-site request forgery (CSRF) in the web-based administrative interface due to lack of anti-CSRF protections. An attacker can induce an authenticated administrator to submit state-changing requests, leading to unau...
CVE-2026-27512 Tenda F3 Reflected Script Execution via Missing nosniff Header
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under...
CVE-2026-27512
Affected product/firmware: Shenzhen Tenda F3 Wireless Router, firmware V12.01.01.55_multi. Issue: Content-type confusion in the administrative interface where responses omit the X-Content-Type-Options: nosniff header and reflect attacker-influenced content into the response body. MIME sniffing ma...
CVE-2026-27512 Tenda F3 Reflected Script Execution via Missing nosniff Header
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under...
CVE-2026-27511 Tenda F3 Clickjacking in Web Management Interface
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...
CVE-2026-27511
Summary: CVE-2026-27511 affects Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi. The issue is a clickjacking vulnerability in the web-based administrative interface caused by the absence of the X-Frame-Options header, enabling attacker-controlled sites to embed admin pages in an ifr...