F3
by Tenda
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-22082 | Hig | 0.57 | — | 0.00 | Jan 9, 2026 | This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting… | ||
| CVE-2026-22081 | Hig | 0.57 | — | 0.00 | Jan 9, 2026 | This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote at-tacker could exploit this vulnerability by… | ||
| CVE-2026-27514 | 0.00 | — | 0.00 | Feb 23, 2026 | Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The… | |||
| CVE-2026-27513 | 0.00 | — | 0.00 | Feb 23, 2026 | Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a cross-site request forgery (CSRF) vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated… | |||
| CVE-2025-57571 | 0.00 | — | 0.00 | Sep 10, 2025 | Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList parameter in goform/setNAT. | |||
| CVE-2025-57572 | 0.00 | — | 0.00 | Sep 10, 2025 | Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl. | |||
| CVE-2025-57569 | 0.00 | — | 0.00 | Sep 10, 2025 | Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT. | |||
| CVE-2025-57570 | 0.00 | — | 0.00 | Sep 10, 2025 | Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS. | |||
| CVE-2025-57573 | 0.00 | — | 0.00 | Sep 10, 2025 | Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi. |
- risk 0.57cvss —epss 0.00
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting…
- risk 0.57cvss —epss 0.00
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote at-tacker could exploit this vulnerability by…
- CVE-2026-27514Feb 23, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The…
- CVE-2026-27513Feb 23, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a cross-site request forgery (CSRF) vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated…
- CVE-2025-57571Sep 10, 2025risk 0.00cvss —epss 0.00
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList parameter in goform/setNAT.
- CVE-2025-57572Sep 10, 2025risk 0.00cvss —epss 0.00
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl.
- CVE-2025-57569Sep 10, 2025risk 0.00cvss —epss 0.00
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT.
- CVE-2025-57570Sep 10, 2025risk 0.00cvss —epss 0.00
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS.
- CVE-2025-57573Sep 10, 2025risk 0.00cvss —epss 0.00
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi.