F3
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-22082 | Hig | 0.57 | — | 0.00 | Jan 9, 2026 | This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and capturing the session ID during insecure transmission. Successful exploitation of this vulnerability could allow the attacker to hijack an authenticated session and compromise sensitive configuration information on the targeted device. | ||
| CVE-2026-22081 | Hig | 0.57 | — | 0.00 | Jan 9, 2026 | This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote at-tacker could exploit this vulnerability by capturing session cookies transmitted over an insecure HTTP connection. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unau-thorized access to the targeted device. | ||
| CVE-2026-27514 | 0.00 | — | 0.00 | Feb 23, 2026 | Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits appropriate Cache-Control directives, which can allow the response to be stored in client-side caches and recovered by other local users or processes with access to cached browser data. | |||
| CVE-2026-27513 | 0.00 | — | 0.00 | Feb 23, 2026 | Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a cross-site request forgery (CSRF) vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit state-changing requests, which can result in unauthorized configuration changes. | |||
| CVE-2025-57571 | 0.00 | — | 0.00 | Sep 10, 2025 | Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList parameter in goform/setNAT. | |||
| CVE-2025-57572 | 0.00 | — | 0.00 | Sep 10, 2025 | Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl. | |||
| CVE-2025-57569 | 0.00 | — | 0.00 | Sep 10, 2025 | Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT. | |||
| CVE-2025-57570 | 0.00 | — | 0.00 | Sep 10, 2025 | Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS. | |||
| CVE-2025-57573 | 0.00 | — | 0.00 | Sep 10, 2025 | Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi. |
- risk 0.57cvss —epss 0.00
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and capturing the session ID during insecure transmission. Successful exploitation of this vulnerability could allow the attacker to hijack an authenticated session and compromise sensitive configuration information on the targeted device.
- risk 0.57cvss —epss 0.00
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote at-tacker could exploit this vulnerability by capturing session cookies transmitted over an insecure HTTP connection. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unau-thorized access to the targeted device.
- CVE-2026-27514Feb 23, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits appropriate Cache-Control directives, which can allow the response to be stored in client-side caches and recovered by other local users or processes with access to cached browser data.
- CVE-2026-27513Feb 23, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a cross-site request forgery (CSRF) vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit state-changing requests, which can result in unauthorized configuration changes.
- CVE-2025-57571Sep 10, 2025risk 0.00cvss —epss 0.00
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList parameter in goform/setNAT.
- CVE-2025-57572Sep 10, 2025risk 0.00cvss —epss 0.00
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl.
- CVE-2025-57569Sep 10, 2025risk 0.00cvss —epss 0.00
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT.
- CVE-2025-57570Sep 10, 2025risk 0.00cvss —epss 0.00
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS.
- CVE-2025-57573Sep 10, 2025risk 0.00cvss —epss 0.00
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi.