CVE-2026-24427

UNKNOWN 0.0

Tenda AC7 Exposes Admin Credentials in Configuration Responses

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack appropriate Cache-Control directives, which may permit web browsers to cache pages containing these credentials and enable subsequent disclosure to an attacker with access to the client system or browser profile.

CWE	CWE-201
Vendor	shenzhen tenda technology co., ltd.
Product	tenda ac7
Published	Feb 3, 2026
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for shenzhen tenda technology co., ltd. tenda ac7

Be the first to know when new unknown vulnerabilities affecting shenzhen tenda technology co., ltd. tenda ac7 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Shenzhen Tenda Technology Co., Ltd. / Tenda AC7

0 ≤ 03.03.03.01_cn

References

NVD ↗ CVE.org ↗ EPSS Data ↗

tendacn.com: https://www.tendacn.com/product/AC7 vulncheck.com: https://www.vulncheck.com/advisories/tenda-ac7-exposes-admin-credentials-in-configuration-responses

Credits

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.