CVE-2026-24434

UNKNOWN 0.0

Tenda AC7 Web Interface Lacks CSRF Protections for Admin Actions

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrator to perform unintended state-changing requests and modify router settings.

CWE	CWE-352
Vendor	shenzhen tenda technology co., ltd.
Product	tenda ac7
Published	Feb 3, 2026
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for shenzhen tenda technology co., ltd. tenda ac7

Be the first to know when new unknown vulnerabilities affecting shenzhen tenda technology co., ltd. tenda ac7 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Shenzhen Tenda Technology Co., Ltd. / Tenda AC7

0 ≤ 03.03.03.01_cn

References

NVD ↗ CVE.org ↗ EPSS Data ↗

tendacn.com: https://www.tendacn.com/product/AC7 vulncheck.com: https://www.vulncheck.com/advisories/tenda-ac7-web-interface-lacks-csrf-protections-for-admin-actions

Credits

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.