Vulnerability Description
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under affected browser behaviors, MIME sniffing may cause the response to be interpreted as active HTML, enabling script execution in the context of the administrative interface.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tenda | F3 Firmware | <= 12.01.01.55_multi |
| Tenda | F3 | - |
Related Weaknesses (CWE)
References
- https://www.tendacn.com/product/F3Product
- https://www.vulncheck.com/advisories/tenda-f3-reflected-script-execution-via-misThird Party Advisory
FAQ
What is CVE-2026-27512?
CVE-2026-27512 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header...
How severe is CVE-2026-27512?
CVE-2026-27512 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-27512?
Check the references section above for vendor advisories and patch information. Affected products include: Tenda F3 Firmware, Tenda F3.