CVE-2026-24441

UNKNOWN 0.0

Tenda AC7 Transmits Admin Credentials Without HTTPS Protection

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material.

CWE	CWE-319
Vendor	shenzhen tenda technology co., ltd.
Product	tenda ac7
Published	Feb 3, 2026
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for shenzhen tenda technology co., ltd. tenda ac7

Be the first to know when new unknown vulnerabilities affecting shenzhen tenda technology co., ltd. tenda ac7 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Shenzhen Tenda Technology Co., Ltd. / Tenda AC7

0 ≤ 03.03.03.01_cn

References

NVD ↗ CVE.org ↗ EPSS Data ↗

tendacn.com: https://www.tendacn.com/product/AC7 vulncheck.com: https://www.vulncheck.com/advisories/tenda-ac7-transmits-admin-credentials-without-https-protection

Credits

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.