6.8
CVE-2026-24427
- EPSS 0.12%
- Veröffentlicht 03.02.2026 19:16:16
- Zuletzt bearbeitet 10.02.2026 14:12:30
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
Tenda AC7 Exposes Admin Credentials in Configuration Responses
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack appropriate Cache-Control directives, which may permit web browsers to cache pages containing these credentials and enable subsequent disclosure to an attacker with access to the client system or browser profile.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tenda ≫ Ac7 Firmware Version <= 03.03.03.01
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.02 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| disclosure@vulncheck.com | 6.8 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-201 Insertion of Sensitive Information Into Sent Data
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
https://www.tendacn.com/product/AC7
https://www.vulncheck.com/advisories/tenda-ac7-exposes-admin-credentials-in-configuration-responses