CVE-2026-27514

MEDIUM 6.5

Tenda F3 Plaintext Credential Exposure in Configuration Download

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits appropriate Cache-Control directives, which can allow the response to be stored in client-side caches and recovered by other local users or processes with access to cached browser data.

CWE	CWE-201 CWE-525
Vendor	shenzhen tenda technology co., ltd.
Product	tenda f3
Published	Feb 23, 2026
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for shenzhen tenda technology co., ltd. tenda f3

Be the first to know when new medium vulnerabilities affecting shenzhen tenda technology co., ltd. tenda f3 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

Shenzhen Tenda Technology Co., Ltd. / Tenda F3

0 ≤ 12.01.01.55_multi

References

NVD ↗ CVE.org ↗ EPSS Data ↗

tendacn.com: https://www.tendacn.com/product/F3 vulncheck.com: https://www.vulncheck.com/advisories/tenda-f3-plaintext-credential-exposure-in-configuration-download

Credits

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.