CVE-2026-27514

Summary

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits appropriate Cache-Control directives, which can allow the response to be stored in client-side caches and recovered by other local users or processes with access to cached browser data.

Affected Software

VendorProductVersion RangeStatus
Shenzhen Tenda Technology Co., Ltd.Tenda F30 <= 12.01.01.55_multiaffected

Weaknesses

  • CWE-201: CWE-201: Insertion of Sensitive Information Into Sent Data
  • CWE-525: CWE-525: Use of Web Browser Cache Containing Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References