Vulnerability Description
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits appropriate Cache-Control directives, which can allow the response to be stored in client-side caches and recovered by other local users or processes with access to cached browser data.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tenda | F3 Firmware | <= 12.01.01.55_multi |
| Tenda | F3 | - |
Related Weaknesses (CWE)
References
- https://www.tendacn.com/product/F3Product
- https://www.vulncheck.com/advisories/tenda-f3-plaintext-credential-exposure-in-cThird Party Advisory
FAQ
What is CVE-2026-27514?
CVE-2026-27514 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response i...
How severe is CVE-2026-27514?
CVE-2026-27514 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-27514?
Check the references section above for vendor advisories and patch information. Affected products include: Tenda F3 Firmware, Tenda F3.