CVE-2026-24427

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.5 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N                                    

Vulnerability Description

Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack appropriate Cache-Control directives, which may permit web browsers to cache pages containing these credentials and enable subsequent disclosure to an attacker with access to the client system or browser profile.

Vulnerability Details

Published Date

February 03, 2026

Last Modified

February 10, 2026

CWE ID

CWE-201

Source

NVD

Vendor

Shenzhen Tenda Technology Co., Ltd.

Product

Tenda AC7

External References

https://www.tendacn.com/product/AC7
https://www.vulncheck.com/advisories/tenda-ac7-exposes-admin-credentials-in-configuration-responses

CVE-2026-24427

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment