VYPR
Unrated severityNVD Advisory· Published Feb 23, 2026· Updated Mar 5, 2026

Tenda F3 Plaintext Credential Exposure in Configuration Download

CVE-2026-27514

Description

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits appropriate Cache-Control directives, which can allow the response to be stored in client-side caches and recovered by other local users or processes with access to cached browser data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Tenda/F3llm-fuzzy
    Range: = V12.01.01.55_multi
  • Shenzhen Tenda Technology Co., Ltd./Tenda F3v5
    Range: 0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.